Privacy Policy
Version 1.4 - Effective from June 2, 2026
1. Data Controller
GIJA HUB MB
Polocko g. 4B-20
Vilniaus m., Lithuania
Email: agne@gijahub.com
2. What data we collect
We collect and process the following personal data:
Account data
- Email address (required for account creation and notifications)
- Password (stored securely hashed, never in plain text)
- Google account identifier (if you sign in with Google — used only to link your account, never shared)
- Account creation date and last login time
Monitoring data
- URLs you choose to monitor
- Monitoring results: response times, availability status, SSL/domain expiry, performance data
- Historical monitoring data displayed in your dashboard
Marketing communications
- Newsletter opt-in status (if you voluntarily subscribed during registration or later)
Technical data
- IP address (for security and abuse prevention)
- Browser type and version
- Device information
3. How we use your data
We use your data for the following purposes:
- Service Delivery: To monitor websites you specify and send you alerts
- Account Management: To authenticate you and manage your account
- Communication: To send service notifications, alerts, and important updates
- Marketing: To send newsletters and product updates, only if you have explicitly opted in
- Service Improvement: To analyze usage patterns and improve our service
- Security: To detect and prevent fraud, abuse, and security threats
4. Legal basis for processing (GDPR)
We process your personal data under the following legal bases:
- Contract Performance (Art. 6(1)(b)): Processing necessary to provide our monitoring services to you
- Consent (Art. 6(1)(a)): Sending marketing communications (newsletter) to users who have explicitly opted in
- Legitimate Interest (Art. 6(1)(f)): Security measures, fraud prevention, and service improvements
- Legal Obligation (Art. 6(1)(c)): Compliance with applicable laws and regulations
5. Data sharing & third parties
We share data with the following categories of third parties:
- Authentication Provider: Google LLC is used as an optional sign-in provider. If you choose to sign in with Google, your browser is redirected to Google for authentication. See Section 6 for details.
- Infrastructure Providers: EU-based cloud hosting for data storage and processing
- Email Service: Transactional email service for sending notification emails
- Payment Processors: For processing credit purchases (we do not store payment card details)
- Bot Protection: We use a self-hosted, privacy-preserving CAPTCHA on login, registration, and password reset pages to protect against automated abuse. This system runs entirely on our own servers — no data leaves our infrastructure, no cookies are set, and no personal data is sent to third parties. It works by asking your browser to solve a small computational puzzle (proof-of-work).
- Analytics: We use Plausible Analytics, a privacy-focused, self-hosted analytics service that does not set cookies. Plausible collects anonymized usage data (page views, device type, country derived from IP address) for aggregate statistical analysis. No data is shared with advertisers or used for profiling.
We do not sell your personal data to third parties. We do not share your data for advertising purposes.
6. Google Sign-In
We offer Google Sign-In as an optional, secondary authentication method. You can always create an account and sign in using your email address and a password instead.
What happens when you sign in with Google
- You are redirected to Google's authentication servers, where you sign in to your Google account and authorize notiduck
- Google provides us with your email address and a unique Google account identifier — nothing else
- We use this information to create or access your notiduck account
- We do not request or store your Google profile name, profile picture, or any other Google data
What we do not do
- We do not store Google access tokens or refresh tokens
- We do not access any other Google services or data (Drive, Calendar, Contacts, etc.)
- We do not share your monitoring data or website history with Google
- We do not post anything on your behalf to any Google service
Data retention
Your Google account identifier is retained for as long as your notiduck account is active, so that you can continue signing in with Google. If you delete your notiduck account, your Google identifier is deleted along with all other account data within 30 days.
Disconnecting Google
You can unlink your Google account at any time by setting a password via the "Forgot Password" feature and then contacting us to remove the Google link. After unlinking, you sign in with your email and password only.
Google's role
Google is a data processor for the sole purpose of authenticating you. Google's use of information received from Google APIs is governed by Google's API Services User Data Policy, including the Limited Use requirements. We comply with these requirements.
7. Data retention
- Account Data: Retained while your account is active, deleted within 30 days of account deletion
- Monitoring History: Retained for 90 days, then automatically deleted
- Server Logs: Retained for 14 days for security purposes
8. Your rights (GDPR)
Under GDPR, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate personal data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Restriction: Request restriction of processing in certain circumstances
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: You may withdraw consent for marketing communications at any time via the unsubscribe link in any email or by contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal.
To exercise these rights, contact us at agne@gijahub.com. We will respond within 30 days.
9. Data security
We implement appropriate technical and organizational measures to protect your data:
- All data transmitted via HTTPS encryption
- Passwords stored using industry-standard hashing (bcrypt)
- Appropriate technical measures to protect data at rest
- Regular security updates and monitoring
- Access controls limiting employee access to personal data
10. International data transfers
Your data is primarily stored on servers located in the European Union. Some third-party services may process data outside the EU. In such cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
When you use Google Sign-In, your browser is temporarily redirected to Google's servers (which may be located outside the EU) for authentication. After authentication, you are redirected back to notiduck and all subsequent data processing takes place within the EU. Google's processing is subject to Standard Contractual Clauses as authorized by the European Commission.
11. Cookies
We use only essential cookies required for the service to function. See our Cookie Policy for details.
12. Children's privacy
Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.
13. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through a notice on our website. Continued use of the service after changes constitutes acceptance of the updated policy.
14. Contact & complaints
For privacy-related questions or to exercise your rights, contact us at: agne@gijahub.com
If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority. For Lithuania, this is the State Data Protection Inspectorate (VDAI): vdai.lrv.lt
Last revised: June 2, 2026