Privacy Policy

Last updated: 22 May 2026 · Controller: SkyQon, based in Belgium · Contact: [email protected].

1. Who we are

The SkyQon is operated by SkyQon, based in Belgium, the data controller for the personal data described in this policy. For any privacy matter contact [email protected] (please mark it “Privacy”).

2. What we collect

(a) Account & contact data you provide: name, work email, company, and the alert-recipient email address(es) you nominate. (b) Service data: the domains, hosts and ports you ask us to monitor and the certificate, DNS, email-authentication and TLS metadata we observe at those public endpoints (issuer, validity dates, signature and key algorithms, fingerprints, DNS records). This is infrastructure metadata; it may incidentally include an individual’s name where one appears in a certificate. (c) Lead/enquiry data: the information you submit through the trial or contact forms. (d) Technical data: server logs, including IP address and user-agent, for security and abuse prevention. We do not collect or store payment-card data — payments are handled by Paddle.

3. Why & lawful basis

We process account and service data to provide the monitoring service, run scans and send alerts and reports (performance of a contract); lead/enquiry data to respond to and administer your request (pre-contractual steps and our legitimate interest in handling enquiries); technical and log data for security, abuse prevention and service integrity (our legitimate interest, and legal obligation where applicable); and we share the data necessary for billing with Paddle so it can invoice and handle tax (performance of a contract). Where we ever rely on consent (e.g. optional communications) you may withdraw it at any time.

4. Processors & recipients

We use a limited set of sub-processors: our hosting providers (the public site and lead-capture endpoint are hosted on Hostinger; the production monitoring application and its database are hosted at Hetzner in the EU); Brevo (Sendinblue) for transactional and alert email delivery; and Paddle as Merchant of Record for payment processing (Paddle acts as an independent controller for payment data). The current sub-processor list, with function and region, is maintained in the Data Processing Addendum.

5. International transfers

The monitoring application and its database are hosted in the EU. Where a sub-processor processes personal data outside the EEA, we rely on an adequacy decision or on EU Standard Contractual Clauses together with appropriate supplementary measures.

6. Retention

Account and configuration data are retained for the life of the account and deleted within 90 days of account closure, unless a longer period is required by law. Scan history is retained for the tier-dependent history window and deleted with the account. Lead/enquiry submissions are retained for up to 24 months. Server logs are retained for up to 12 months.

7. Your rights

Subject to applicable law you have the right to access, rectify, erase, restrict or object to the processing of your personal data, the right to data portability, and the right to withdraw consent where processing is based on consent. To exercise any of these rights email [email protected]. You also have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit — www.dataprotectionauthority.be) or with the supervisory authority in your country of residence.

8. Cookies & analytics

The monitor.skyqon.com marketing pages use only strictly necessary cookies/local storage required to serve the site (such as your theme and currency preference); they do not use advertising or third-party tracking cookies. The authenticated monitoring application uses a session/authentication token that is strictly necessary to keep you signed in.

We use Cloudflare Web Analytics to measure aggregate page views and basic performance on the marketing pages. It is cookieless and does not set or read any client-side identifiers, does not build cross-site profiles, and does not transmit personally identifiable information. Cloudflare is already our DNS and CDN provider — enabling this feature does not introduce a new sub-processor. Aggregate analytics do not require consent under GDPR/ePrivacy in the EEA when they fit this profile (cookieless, no identifiers, no cross-site tracking); we will re-evaluate if guidance changes. Cloudflare's documentation: cloudflare.com/web-analytics.

9. Changes & contact

We will post changes here with an updated effective date and, for material changes, notify the account contact by email. Contact: [email protected].