HomeFeaturesPricing
This document is available in English. For legal purposes, the English version prevails.

Privacy Policy - Zirvo

Last updated: June 12, 2026Version: 2.0

Summary

  1. Introduction and Scope
  2. Information We Collect
  3. How We Use Information
  4. Legal Bases for Processing (LGPD/GDPR)
  5. Data Sharing
  6. Data Retention
  7. Security and Data Protection
  8. User Rights
  9. International Data Transfers
  10. Cookies and Tracking
  11. Minors Privacy
  12. Changes to this Policy
  13. Contact Information and DPO

1. Introduction and Scope

Welcome to the Zirvo platform (available at https://zirvo.com.br). Zirvo is a global critical infrastructure and observability solution for continuous monitoring of uptime, SSL certificates, DNS records, network latency, and digital system performance.

We value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, store, and protect the information of our Users and customers on the Free, Pro, and Agency plans, in accordance with the Brazilian General Data Protection Law (Law No. 13,709/2018 - LGPD), the General Data Protection Regulation of the European Parliament (GDPR), and other internationally applicable data security regulations.

This policy covers all services provided by our multi-tenant SaaS platform, integration APIs, control panels, web applications, and the operation of our globally distributed monitoring workers. By registering or interacting with our services, you acknowledge that your personal data will be processed as described in this document.

2. Information We Collect

To ensure the stability and operability of real-time monitoring routines, we collect the following categories of data:

a) Account and Registration Data

Identification information voluntarily provided when creating or updating a Zirvo account. This includes full name, corporate or personal email address, organization/tenant name, job title, and billing information (such as tax IDs and credit card details managed securely through encrypted third-party payment gateways like Stripe - Zirvo does not store payment data directly on its servers in an insecure manner).

b) Usage Data and Platform Logs

Records automatically generated on our servers when you navigate the dashboard, create or modify a monitor, or interact with the admin panel. We collect session history, internal calls, error logs, configuration changes, and actions performed by your team members within their respective Workspaces.

c) Technical Data and Telemetry

Origin IP address, browser type (user agent), operating system, JWT-based authentication metadata with a “sub” user identifier, routes accessed in the Zirvo API, usage rate, and bandwidth consumption per minute.

d) Configuration Data Entered by the User

URLs you wish to monitor, servers, domain names, REST API endpoints, GraphQL or WebSocket endpoints, custom response timeouts, network ports, and alert delivery settings - which may contain destination emails, Discord chat IDs, Telegram channels, PagerDuty integration keys, or custom Webhook URLs configured by your organization.

3. How We Use Information

We process your data with high technical precision and a specific purpose to ensure the operation of our distributed monitoring engine. The data collected is used exclusively to:

  • Operate and maintain the platform: Process site verification routines and certify the correct SSL and DNS status across our redundant regions.
  • Send real-time alerts and reports: Trigger automatic and critical notifications about downtime or restrictions on the channels of your choice (email, Slack, Discord, Telegram, or PagerDuty).
  • Abuse prevention and security: Protect the platform against intrusion attempts, cyberattacks, or bypasses of request limits based on Rate Limits and SSRF protection.
  • Analytics and functional improvements: Optimize design, performance, database query response times, and feed our internal AI engine to support rapid identification of operational anomalies.

5. Data Sharing

We never sell or rent the personal information or monitoring data of our Users to advertisers or third parties.

Data sharing occurs only strictly with operational partners acting as data processing sub-operators under strict confidentiality limits:

  • Cloud Infrastructure and Database Providers: Resilient hosting services and high-performance redundant databases.
  • Gateway and Billing Services: Interfaces for recurring billing transactions, such as Stripe.
  • Artificial Intelligence Providers: When using AI-based RCA tools in Zirvo, basic metric logs needed to find the root cause of a failure may be sent to Google Gemini via authenticated requests, treated confidentially, without retaining data for public model training.
  • Message and Alert Delivery Providers: Integrations for system emails, SMS, or notifications for PagerDuty and related services.

6. Data Retention

As a robust global-scale monitoring platform designed for millions of sites, we have a rigorous automated disposal policy to maintain the efficiency of our PostgreSQL (Timescale) databases:

• Raw metrics and telemetry: Retained for 30 days.

• Hourly or daily aggregated metrics (for performance charts): Retained for 1 year to support the dashboard.

• Historical system incident records: Retained for as long as the customer keeps their account active.

• Registration information and billing data: Kept active for the duration of your contractual relationship with us.

When you delete your Zirvo account, your data is permanently deleted or will undergo a definitive anonymization process within 30 days of the request.

7. Security and Data Protection (Zero-Trust)

We operate a security model based on Zero-Trust Global principles:

Strict EncryptionAll data entered and processed by Zirvo is transmitted encrypted via TLS 1.3 in transit and archived with the industry-standard AES-256 at rest.
Multi-Tenant IsolationOur database and messaging bus implement partition isolation by tenant and siteId hash, ensuring that no information from one customer crosses the logical boundary to another.
Credential EncryptionPasswords and API Keys are cryptographically hashed (Argon2) before being saved, preventing plaintext reads.
Active SSRF ProtectionEvery request made by our workers against external systems is checked against an IP blocklist (RFC 1918, loopback, link-local), preventing abuse and intrusions into private networks.

8. User Rights

Any User (whether a Brazilian resident protected by the LGPD, or a European citizen covered by the GDPR) holds important privacy guarantees. You have full rights to:

  • Access and Confirmation: Obtain confirmation of whether your data is being processed and gain access to it.
  • Correction: Request the update of incorrect, incomplete, or outdated personal data.
  • Export (Portability): Easily export monitoring data and billing records in readable, structured formats for migration or local backup.
  • Deletion (Right to be Forgotten): Have your registration data permanently deleted from Zirvo (account deletion can be performed through the dashboard control panel or requested via support).

9. International Data Transfers

Given the global active-active architecture of Zirvo, your basic technical and monitored infrastructure data may be replicated across our redundant data centers in other countries (such as the US and EU members) to ensure multi-region resilience. We ensure these transfers are based on appropriate protective mechanisms, such as Standard Contractual Clauses (SCCs) required by global governance regulations.

10. Cookies and Tracking

We use cookies and similar technologies to:

  • Authentication: Essential and temporary cookies to identify your active session, keep your login secure, and manage encrypted refresh tokens.
  • Security: Control and block suspicious requests, denial-of-service bots, and internal area bypasses.
  • Performance and Analytics: Evaluate performance bottlenecks and optimize frontend components so the dashboard processes changes with high responsiveness in web and mobile browsers.

11. Minors Privacy

Our services are strictly targeted at developers, site reliability engineers (SREs), technology professionals, digital agencies, and companies. Zirvo does not intentionally collect personal data or profiles of individuals under 18 years of age. If such a registration is accidentally discovered, it will be immediately removed.

12. Changes to this Policy

We reserve the right to review or make minor changes to the wording of this Privacy Policy to keep it fully aligned with best privacy practices and technological compliance developments. In the event of high-impact structural changes (such as changes to processing purposes), we will post a visible notice in our dashboard banners in advance and notify our Customer base via corporate email.

13. Contact Information and DPO

Zirvo has a dedicated Data Protection Officer (DPO) to assist our users with questions about our legal conduct and privacy protection.

To exercise your rights as a data subject or send any questions, use our official channels organized by area:

Privacy Questions and DPO: legal@zirvo.com.br

Technical Support and Platform: suporte@zirvo.com.br

General Contact and Inquiries: contato@zirvo.com.br

Security and Vulnerabilities: security@zirvo.com.br

Institutional Communications: zirvo@zirvo.com.br

Mailing Address: Nova Alvorada do Sul - MS, Brazil