GDPR & Trust at live24h

Monitoring with a German/EU focus: DPA, EU hosting (Amsterdam/Frankfurt), double opt-in for subscribers, export/delete on request, audit logs from Pro.

Monitoring with an EU/DE focus and clear data-protection processes

Many monitoring tools are globally strong on tech but vague about data protection, data location and contract governance. live24h is deliberately built for companies that need clean answers – not just a “GDPR-compliant” sticker.

EU hosting (Amsterdam/Frankfurt)

  • Azure West Europe (Amsterdam) for API and database
  • Hetzner Nuremberg for status pages
  • AWS Frankfurt for email and auth (SES/Cognito)
  • Multi-region workers (Amsterdam, Frankfurt, more planned)

German company with DPA

  • live24h is operated by a German sole proprietorship based in Hesse, Germany
  • Full provider and contact details: see the legal notice
  • Data Processing Agreement (DPA, English) or Auftragsverarbeitungsvertrag (AVV, German) available
  • Direct contact person, German contract language possible

You can find the privacy policy , the legal notice and the DPA in our legal section.

Subscriber protection: double opt-in

  • Every status-page subscriber has to confirm their email before notifications go out
  • No automated outreach without prior confirmation
  • Subscriber data is never shared with third parties

Data control: export and delete

  • Full GDPR data export of account and monitor data on request
  • Deletion requests are handled within the statutory deadline
  • Audit logs from the Pro tier: who changed what, and when

Security

  • HTTPS is mandatory, HSTS enabled
  • Encryption at rest for databases
  • Access control via Cognito (MFA available)
  • SSO/SAML on the Enterprise tier

We use Plausible Analytics for aggregated visitor statistics on this marketing site. Plausible is cookie-free, stores no personal data and is hosted in the EU. No cookie banner is required because no cookies or trackers are set. Plausible only collects anonymised page views, referrers and CTA-click event names – no IP storage and no device fingerprinting. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reach measurement).

What we deliberately do not do

  • No tracking or analytics tools such as Google Analytics or Facebook Pixel
  • No data sharing with US companies outside of AWS EU and Microsoft EU
  • No advertising cookies
  • No selling of data

Compliance reviews

  • Request the DPA/AVV by email to support@live24h.eu
  • Typical response within 1-2 business days
  • Audit reports and SOC reports on Enterprise request

Next steps