SoloNOC Privacy Policy

Effective date: 2026-04-21 · Last updated: 2026-04-21

SoloNOC ("SoloNOC", "we", "us") is a Network Operations Center monitoring tool operated by Andrew Wilcox. This policy explains what information we collect, why we collect it, and how we handle it.

1. What SoloNOC does

SoloNOC lets a single operator monitor network devices (routers, switches, servers) across one or more sites. You install a lightweight agent on a machine inside your network; the agent polls devices you register via SNMP, ping, and ARP, and reports health data to our servers so you can view alerts and dashboards from the web app, the iOS app, or the Apple Watch companion.

2. Information we collect

Account data you provide directly:

• Email address and password (stored hashed with bcrypt)
• Organization name
• Optional profile fields (display name, timezone)

Monitoring data you or your agent sends us:

• Sites, devices, and their configurations (IP addresses, hostnames, SNMP community strings or v3 credentials you enter, interface descriptions)
• Telemetry: ping latency, packet loss, interface up/down state, SNMP counter samples, CPU/memory readings, ARP/neighbor tables
• Alerts and their acknowledgement status
• Audit log entries (who changed what, when)

Technical data collected automatically when you use the service:

• IP address of requests to the API and web app (used for rate limiting and anti-abuse)
• Browser/user-agent string and app version
• Session tokens (JWT) — rotated every 24 hours, refresh tokens rotated on use
• Server-side error logs, including request path and status code
• Push notification device tokens (iOS APNS, Android FCM) if you enable push

3. How we use information

• To run the monitoring service — poll your devices, raise alerts, render dashboards
• To authenticate you and keep your account secure
• To send operational email (verification, password reset, billing receipts)
• To deliver push notifications for alerts you have configured
• To detect and prevent abuse (rate limits, per-IP org caps, credential-stuffing defence)
• To comply with legal obligations and respond to lawful requests

We do not sell your information. We do not use your monitoring data to train AI models. We do not serve third-party ads.

4. Where your data lives

Your data is stored on servers we operate in the United States (Vultr, New Jersey). Databases are PostgreSQL with TimescaleDB for time-series metrics. Backups are encrypted and rotated.

5. Sub-processors

We use the following third parties to operate the service:

• Vultr — infrastructure hosting (US)
• Namecheap / Let's Encrypt — domain + TLS certificates
• Apple Push Notification service — iOS push delivery (if you enable push)
• Google Firebase Cloud Messaging — Android push delivery (if you enable push and we have enabled the channel)
• Stripe — payment processing (only the last 4 digits of a card and a tokenized reference ever touch our servers)
• Postmark — transactional email (verification, receipts)

6. Retention

• Time-series metrics: retained per your plan (free 7 days, solo 30 days, pro 90 days, enterprise 365 days)
• Alerts and audit log: retained for the lifetime of the account
• Server error logs: 30 days
• Backups: 30 days rolling

If you delete your account, we purge account data and monitoring data within 30 days, retaining only the minimum necessary for legal, tax, or abuse-prevention purposes.

7. Your rights

You can:

• Access, export, or delete your account data from the app's Settings screen
• Correct or update your email via account settings
• Withdraw consent for push notifications at any time from your phone or watch settings
• Request a full data export or deletion by emailing privacy@solonoc.com

If you are a resident of the EU/UK, California, or another jurisdiction with specific privacy rights (GDPR, CCPA, etc.), you have additional rights including objection, restriction, and data portability. Contact us to exercise them.

8. Security

• All traffic uses HTTPS (TLS 1.2+) with HSTS, CSP, and strict referrer policy
• Passwords are stored only as bcrypt hashes
• Tokens are rotated on refresh; stale refresh tokens are invalidated
• On the iOS client, credentials are stored in the iOS Keychain; on Android, in EncryptedSharedPreferences
• Device-side telemetry is sent to your account and is not accessible to other customers

No system is perfectly secure. If you believe you have found a vulnerability, please email security@solonoc.com.

9. Children

SoloNOC is a professional network-operations tool and is not directed to children under 13. We do not knowingly collect data from children.

10. International transfers

If you access the service from outside the United States, your information is transferred to and processed in the United States. By using the service you consent to this transfer.

11. Changes to this policy

We will post material changes to this page and, for logged-in users, notify you in the app at least 14 days before the change takes effect. The "Last updated" date at the top reflects the most recent revision.

12. Contact

Privacy questions: privacy@solonoc.com
Security reports: security@solonoc.com
Mail: SoloNOC, c/o Andrew Wilcox (address available on request)