Skip to main content
StatFlow

Privacy Policy

Last updated: April 2, 2026

1. Introduction

StatFlow is a metrics ingestion and monitoring service operated by DoubleU Labs, LLC ("DoubleU Labs", "we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use StatFlow ("the Service"). By using the Service, you agree to the terms of this Privacy Policy.

If you have questions, contact us at support@doubleulabs.com.

2. Information We Collect

2.1 Account Information

When you register, we collect your email address and a hashed password. We never store your password in plain text. We use industry-standard bcrypt hashing.

2.2 Metric Data

The core purpose of StatFlow is to store metric data you send us: stat names, numeric values, timestamps, and associated metadata. This data belongs to you and is used solely to provide the Service.

2.3 Usage and Technical Data

We collect standard server logs including IP addresses, HTTP request paths, user agent strings, timestamps, and response codes. This data is used for security monitoring, debugging, and service reliability. Logs are retained for 30 days.

2.4 Billing Information

Payment processing is handled entirely by our third-party payment processor. We do not store your full credit card number, CVV, or full payment details on our servers. We store only a customer identifier and subscription status to manage your plan.

2.5 Communications

If you contact us by email, we retain that correspondence to respond to your inquiry and improve our support. We may send transactional emails (account verification, billing receipts, alert notifications, critical service announcements). We do not send marketing emails without your explicit opt-in.

3. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To process transactions and send billing confirmations
  • To send alert notifications you have configured
  • To verify your email address and secure your account
  • To detect, investigate, and prevent fraudulent or abusive activity
  • To diagnose technical problems and improve the Service
  • To comply with legal obligations

We do not use your metric data for advertising, do not sell it, and do not train machine learning models on it.

4. How We Share Your Information

We do not sell your personal data. We may share information in the following limited circumstances:

4.1 Service Providers

We use a small number of trusted third-party service providers to operate the Service. Each provider receives only the minimum data necessary to perform their function and is contractually prohibited from using your data for any other purpose. The categories of providers we use include:

  • Payment processing — handles billing and subscription management. We do not receive or store your full payment details.
  • Transactional email delivery — sends account verification, billing, and alert notification emails. Receives your email address only.
  • Cloud infrastructure & hosting — servers on which the Service runs and your data is stored. Subject to appropriate data processing agreements.
  • Performance & error monitoring — anonymized, aggregated data used to measure and improve Service reliability. No personal data is shared.

4.2 Legal Requirements

We may disclose information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers

If DoubleU Labs is acquired, merges with another company, or transfers all or part of its assets, your information may be transferred as part of that transaction. We will notify you by email and/or a prominent notice on the Service prior to any such transfer.

5. Data Retention

We retain your account and metric data for as long as your account is active or as needed to provide the Service. Retention limits per plan (e.g., 7-day data retention on Hobby, 1 year on Indie) apply to metric data specifically. Account data is retained until you request deletion.

You may request deletion of your account and all associated data at any time by contacting support@doubleulabs.com. We will process deletion requests within 30 days, subject to legal obligations to retain certain records (e.g., billing records for tax purposes).

6. Data Security

We implement reasonable security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These include:

  • TLS/HTTPS encryption for all data in transit
  • Passwords hashed with bcrypt
  • API keys stored as SHA-256 hashes, never in plain text
  • JWTs with short expiry signed with a secret key
  • Rate limiting and brute-force protection on authentication endpoints
  • Infrastructure access restricted to authorized personnel

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable security practices, we cannot guarantee absolute security.

7. Cookies and Tracking

We do not use advertising cookies or third-party tracking pixels. The Service uses:

  • Session cookies necessary for authentication and security (JWT stored in localStorage)
  • Anonymized, aggregated performance analytics — used to measure page load times and Service reliability. No personal data is collected or transmitted.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your account and data
  • Portability — request your metric data in machine-readable format (CSV/JSON export available in the dashboard)
  • Objection — object to certain processing activities

To exercise any of these rights, email support@doubleulabs.com with your request. We will respond within 30 days.

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us immediately and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email and/or by posting a prominent notice on the Service at least 14 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or requests:

DoubleU Labs, LLC

Email: support@doubleulabs.com