hub MarionetteOps Monitor orchestration
Legal

GDPR Compliance

Last updated: June 2, 2026

1. Intro

1.1 What is personal data?

Under the GDPR, personal data generally means information that relates to an identified or identifiable living person. Information that cannot identify a person on its own may still be personal data when combined with other information.

Information that has been irreversibly anonymized so the person is no longer identifiable is generally not considered personal data. One-way hashed values may stop being personal data only when they cannot reasonably be reversed or tied back to an identifiable person.

This page describes how MarionetteOps approaches GDPR rights and data handling for people who use the service. It should be read together with our Privacy Policy.

2. Data

2.1 Data storage

MarionetteOps stores service data electronically in application databases, file storage, logs, and backup systems used to operate the website, API, dashboards, agents, monitors, alerting features, status pages, reports, billing workflows, and support workflows.

Database tables that contain account and service data are intended to be accessed by the application and authorized operational tooling, not by public network access. Monitoring agents and service components communicate with MarionetteOps through controlled APIs rather than direct database access.

User passwords are hashed before storage. Plain text passwords are not stored by MarionetteOps and cannot be displayed back to users.

2.2 Data collection and use

Section 2 of our Privacy Policy explains the categories of information MarionetteOps may collect. Section 3 of that policy explains how the information is used to provide and protect the service.

2.3 Personal data we may process

Depending on what you provide and how your account is used, MarionetteOps may process personal data such as:

  • Name, username, email address, organization membership, and account preferences.
  • IP addresses and technical metadata recorded during signup, login, account activity, API access, security checks, and support troubleshooting.
  • Notification contact details, including email addresses, phone numbers, webhook destinations, and escalation settings.
  • Billing, invoice, plan, transaction, and payment status information.
  • Support messages, sales inquiries, attachments, and troubleshooting context you send to us.

2.4 Private service data

Some data you store in MarionetteOps may not identify a person by itself, such as monitor names, hostnames, URLs, IP addresses, ports, cron endpoints, agent reports, system metrics, response times, status codes, alert history, public status page content, and report data. Even when this data is not personal data, we treat it as private customer data unless you choose to publish it through a public feature.

2.5 Data access

Personal data is accessed at the application level by MarionetteOps features and by authorized staff or service providers only when needed for support, security, billing, operations, legal compliance, or service administration.

Administrative access is intended to be limited to people and systems with a legitimate need. Operational access may be logged, monitored, and reviewed.

2.6 Data backups

We may use replication, snapshots, and backups to protect service availability and recover from failure. Backups may contain personal data and may persist for a limited period after active records are changed or deleted.

When a deletion request is completed, active systems are updated first. Backup copies are removed or overwritten according to the normal backup lifecycle unless immediate removal is technically feasible and legally required.

3. User Rights

3.1 Right to be informed

This GDPR Compliance page and our Privacy Policy explain what data we collect, why we collect it, and how it is used to provide MarionetteOps. Some personal data is required for core service functionality such as account access, security, monitoring, alerting, billing, and support.

3.2 Right of access

You can access and review many categories of data directly in your account, including account settings, organizations, monitors, agents, notification contacts, thresholds, reports, status pages, billing views, and related dashboard settings.

Some technical records, such as registration IP address, login IP address, active session metadata, API request metadata, and internal activity logs, may not be directly visible in the dashboard. You can contact support to request access to personal data that is not self-service.

3.3 Right to rectification

You can update many account and service records yourself from the dashboard. This includes account details, organization information, notification contacts, monitors, agents, thresholds, status pages, and preferences.

Some records, such as historical IP addresses, immutable security logs, billing records, and audit events, may not be editable because they are needed for security, accounting, compliance, or service integrity.

3.4 Right to erasure

You can delete optional service records such as monitors, agents, notification contacts, status pages, API keys, and organization data where dashboard controls are available. You may also contact support to request account deletion or broader erasure of personal data.

After a verified erasure request, MarionetteOps will delete or anonymize applicable personal data from active systems within a reasonable period, subject to legal, security, billing, fraud-prevention, and operational retention requirements.

We may retain limited hashed or otherwise minimized records where needed to prevent abuse, enforce account restrictions, preserve security, or comply with law.

3.5 Right to restriction

You may request that MarionetteOps restrict processing of your personal data in circumstances where GDPR grants that right. Because some processing is necessary to operate the service, restriction may require suspending monitors, disabling notifications, closing an account, or limiting account features.

3.6 Right to data portability

You may request a copy of personal data you provided to MarionetteOps in a commonly used electronic format. We may ask you to verify your identity before providing exported data.

3.7 Right to object

You may object to certain processing of your personal data by contacting support. You can also unsubscribe from non-essential messages where an unsubscribe option is provided.

Some messages are necessary for service operation and cannot be opted out of while your account remains active, including security notices, password reset messages, account verification, billing messages, critical service notices, and monitoring alerts you configured.

4. Requests

To submit a GDPR request, email support from the address associated with your MarionetteOps account and describe the right you want to exercise. We may request additional information to verify your identity, confirm account ownership, clarify the request, or protect other users' data.

We aim to respond to valid GDPR requests within one month where required by law. If a request is complex or numerous, we may extend the response period as allowed by GDPR and will notify you when applicable.

5. Notification

5.1 Breach notification

If we become aware of a personal data breach that is likely to result in a risk to affected individuals, we will notify affected users and applicable regulators when required by GDPR or other applicable law.

6. Contact

GDPR, privacy, and account requests can be sent to support@johnqdeveloper.zendesk.com.

Sales and plan questions can be sent to support@johnqdeveloper.zendesk.com.