Privacy Policy

PagingWho ("we", "us", or "our") operates the PagingWho incident management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Account information

When you create an account we collect your name, email address, and organisation name. If you sign in via Google, we receive your name, email, and profile picture from Google.

Billing information

Payment processing is handled by Stripe. We do not store your full card number. Stripe provides us with a token, card brand, last four digits, and expiry date for display purposes.

Usage data

We collect information about how you use the service, including incident data, alert metadata, on-call schedules, and escalation policies you configure. We also collect device information (device name, platform, app version) when you register a mobile device for push notifications.

Log and analytics data

Our servers automatically record requests made to the platform, including IP address, browser type, referring URL, and timestamps. We use this data for security monitoring, debugging, and service improvement.

We use the information we collect to:

• Provide, operate, and maintain the PagingWho platform
• Send you incident alerts, escalation notifications, and push notifications
• Process payments and manage your subscription
• Send transactional emails (account verification, password resets, billing receipts)
• Monitor and improve the reliability and performance of the service
• Detect, prevent, and address security incidents and abuse
• Comply with legal obligations

We do not sell your personal information. We do not use your data for advertising.

We share your information only in the following circumstances:

• Service providers — we use third-party providers to help operate the platform (e.g. Stripe for payments, Apple Push Notification service for mobile alerts, infrastructure hosting). These providers only access data necessary to perform their function.
• Within your organisation — other members of your PagingWho account can see shared data such as incidents, schedules, teams, and audit logs.
• Legal requirements — we may disclose information if required by law, regulation, or legal process.

We retain your account data for as long as your account is active. Incident data and audit logs are retained for the duration of your subscription. When you delete your account, we delete your personal data within 30 days, except where we are required to retain it by law.

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encryption at rest, role-based access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict certain processing
• Data portability
• Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at [email protected].

We use essential cookies to maintain your authenticated session and store your preferences. We do not use third-party advertising or tracking cookies.

Your data may be processed in countries other than your own. Where we transfer data outside the UK or EEA, we ensure appropriate safeguards are in place in accordance with applicable data protection law.

PagingWho is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the platform. Your continued use of the service after changes take effect constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy, contact us at [email protected].