Privacy notice

Controller

The controller within the meaning of GDPR is 24fire GmbH (address see imprint). Data protection requests reach us via the email address provided in the imprint.

Data we collect

When the platform is accessed, technical data is processed: IP address, date and time of access, page accessed, user agent, HTTP status code. This data is processed for the purpose of technical delivery and IT security (legal basis Art. 6 (1) lit. f GDPR).

When you subscribe to status notifications, we store the subscribed email address, the associated tenant, and where applicable selected components or tags. The legal basis is consent under Art. 6 (1) lit. a GDPR. Consent can be revoked at any time via the unsubscribe link in every notification email.

For admin users (tenant staff) we store name, email address, password hash, and where applicable a TOTP secret for two-factor authentication. The legal basis is the performance of a contract under Art. 6 (1) lit. b GDPR.

Cookies and sessions

FireStatus uses technically necessary sessions to maintain login state in the admin panel, plus a cookie to remember the chosen language (firestatus_locale). These cookies are strictly necessary and do not require consent. We do not use tracking or marketing cookies.

Hosting

The platform is hosted — Phase-2 staging placeholder — with a provider operating servers in Germany (planned: Hetzner Online GmbH, Gunzenhausen, Germany). A data processing agreement under Art. 28 GDPR will be in place with the hosting provider. The final hosting partner will be added before launch.

Email delivery (AWS SES)

Transactional emails — subscription confirmations, incident notifications, maintenance updates — are sent via Amazon Simple Email Service (AWS SES, region eu-central-1, Frankfurt am Main). Provider is Amazon Web Services EMEA SARL, Luxembourg. A data processing agreement is in place with AWS. Data processed: recipient email, message content. Legal basis: Art. 6 (1) lit. a GDPR (consent at subscription) and Art. 6 (1) lit. b GDPR (contract performance toward tenants).

Machine translation (DeepL)

Tenant-authored content (component descriptions, incident copy) is automatically translated between German and English when saved in the admin panel. We use the DeepL API operated by DeepL SE, Cologne, Germany. Only tenant-published text is transmitted — no personal data of end users. Legal basis: legitimate interest in offering a multilingual platform under Art. 6 (1) lit. f GDPR.

Web fonts (Bunny Fonts)

We load the Mulish and JetBrains Mono typefaces via the privacy-friendly Bunny Fonts service (BunnyWay d.o.o., Slovenia). Bunny Fonts explicitly does not log IP addresses or user-agent strings of website visitors and is therefore a GDPR-compliant alternative to Google Fonts.

Retention

Server logs are deleted or anonymised after no more than 30 days. Subscriber data is stored until the subscriber unsubscribes. Admin accounts remain stored for the duration of the contractual relationship.

Your rights

You have the following rights against us: access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), objection (Art. 21), and withdrawal of any consent given (Art. 7 (3)). You also have the right to lodge a complaint with a data protection authority — competent is the supervisory authority where 24fire GmbH is registered.

Contact for data protection requests

Please send data protection requests to the email address listed in the imprint. We respond within the statutory deadlines.