OnCall Manager

Privacy Policy

Last updated: February 1, 2026

On-Call Manager ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (stored as a one-way hash — we never store your plaintext password)
  • Organisation name

1.2 Team Member Data

When you add team members to your organisation, you may provide:

  • Team member names
  • Email addresses
  • Phone numbers (for SMS notifications)
  • Timezone preferences

1.3 Incident Data

We store incident information including titles, descriptions, severity levels, service names, timestamps, acknowledgement and resolution data, and root cause analysis reports.

1.4 Usage Data

We automatically collect certain information when you access the Service, including browser type, IP address, pages visited, and access times. This data is used to improve the Service and diagnose technical issues.

1.5 Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers or bank account details. We only store your Stripe customer ID for billing management.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Send incident alerts and notifications via SMS, Slack, and other configured channels
  • Process payments and manage your subscription
  • Send important service announcements and updates
  • Respond to your support requests
  • Detect and prevent fraud or abuse

3. Third-Party Services

We share data with the following third-party services as necessary to provide the Service:

3.1 Stripe

We use Stripe for payment processing. Your payment information is handled directly by Stripe in accordance with their privacy policy. We share your email address and organisation name with Stripe for billing purposes.

3.2 Sudonum

We use Sudonum for SMS notification delivery. When SMS alerts are triggered, team member phone numbers and alert messages are transmitted to Sudonum for delivery.

3.3 Slack

If you enable Slack integration, incident notifications are sent to your configured Slack workspace. We share incident details (titles, descriptions, severity, status) with Slack via their API.

4. Cookies

We use essential cookies to maintain your login session and protect against cross-site request forgery (CSRF). We do not use tracking cookies or third-party analytics cookies.

  • Session cookie: Maintains your authenticated session. Expires when you log out or after 60 days of inactivity.
  • CSRF token: Protects against cross-site request forgery attacks.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your data within 30 days, except where we are required by law to retain it for longer.

Incident and notification logs are retained for the duration of your subscription. You may request export or deletion of your data at any time.

6. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Secure password hashing (bcrypt)
  • Regular security updates and patching
  • Access controls and authentication

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. POPIA Compliance (South Africa)

We comply with the Protection of Personal Information Act (POPIA) of South Africa. As a responsible party, we:

  • Process personal information lawfully and in a reasonable manner
  • Collect information only for a specific, explicitly defined, and lawful purpose
  • Do not retain information longer than necessary
  • Take reasonable measures to ensure information is complete, accurate, and up to date
  • Secure the integrity and confidentiality of personal information

8. Your Rights

You have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request export of your data in a machine-readable format
  • Objection: Object to the processing of your personal information
  • Restriction: Request restriction of processing in certain circumstances

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

9. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

11. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at:

On-Call Manager
Email: [email protected]

Terms of Service ← Back to Home