
Security and data handling

How DiffMon stores monitoring data, protects secrets, scopes access, handles retention, and documents privacy and legal terms.

Security and data handling overview

DiffMon is built around workspace-scoped data ownership, role-based access, TLS in transit, and explicit retention rules. This page explains what data DiffMon stores, how sensitive configuration is handled, how access is limited, and where to find privacy and legal information.

If you need the operator-facing view for monitor auth, payload storage, and minimization guidance, start with Sensitive monitor data.

What DiffMon stores

  • account and workspace metadata
  • monitor configuration, request settings, and alert destinations
  • run metadata such as status, latency, and change status
  • diffs and change summaries
  • payload artifacts or snapshots, depending on monitor behavior and retention
  • billing-related workspace metadata

At the architecture level, DiffMon uses relational storage for product records, Redis-backed state for jobs and rate limits, and object storage for stored artifacts.

Workspace isolation and role-based access

DiffMon uses the workspace as the primary boundary for billing, entitlements, and data ownership. Users can belong to one or more workspaces, and access is scoped through workspace membership.

Current role model:

  • Viewer - read-only access
  • Member - can manage monitors, webhooks, and API tokens
  • Owner - full access, including billing, members, and workspace settings

Sensitive actions are expected to be audit-logged as part of the workspace governance model. See Roles and permissions and Audit log.

Secrets and sensitive configuration

  • Monitor authentication values are treated as secrets and are encrypted at rest.
  • API tokens are stored as irreversible hashes rather than plaintext.
  • Webhook signing secrets use protected server-side handling and are stored encrypted or hashed as applicable.
  • Sensitive values are not intended to be re-shown after save where the product treats them as secret material.
  • Authorization headers and similar sensitive values are redacted from logs and support intake.

If you are monitoring protected systems, use the narrowest possible credential and review Sensitive monitor data before enabling long-lived payload storage.

Network and runtime protections

  • Webhook delivery requires HTTPS and uses HMAC signing.
  • Outbound fetches and browser-render runs apply SSRF controls, redirect validation, and private-IP blocking.
  • Browser-render monitoring uses fresh ephemeral browser contexts and does not persist cookies or local storage between runs.
  • Unsafe browser schemes and local file access are blocked.
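The checks listed above (scheme allow-listing, private-IP blocking, and per-hop redirect validation) can be sketched as follows. This is an added example, not DiffMon's own code: the function names, the allowed-scheme set, the redirect limit, and the injected `resolve` / redirect lookups are assumptions made for illustration, and the DNS and redirect tables are constructed sample data.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit
ALLOWED_SCHEMES = {"http", "https"}   # assumption: file:, ftp:, data: etc. are refused
MAX_REDIRECTS = 5                     # assumption: hop limit chosen for this sketch

def is_public_ip(addr):
    ip = ipaddress.ip_address(addr)
    # Judge IPv4-mapped IPv6 (::ffff:10.0.0.5) by the embedded IPv4 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global excludes loopback, RFC 1918, link-local, CGNAT and reserved ranges.
    return ip.is_global and not ip.is_multicast

def check_url(url, resolve):
    """Return (allowed, reason). resolve(host) returns a list of IP strings."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        ipaddress.ip_address(host)
        addrs = [host]                # literal IP, no lookup needed
    except ValueError:
        addrs = resolve(host)
    if not addrs:
        return False, "host does not resolve"
    if not all(is_public_ip(a) for a in addrs):   # one private record is enough to refuse
        return False, "resolves to non-public address"
    return True, "ok"

def validate_chain(url, resolve, next_location):
    """Check each hop before it is requested. next_location(url) -> Location or None."""
    for _ in range(MAX_REDIRECTS + 1):
        allowed, reason = check_url(url, resolve)
        if not allowed:
            return False, f"{url}: {reason}"
        target = next_location(url)
        if target is None:
            return True, url
        url = urljoin(url, target)    # Location may be relative
    return False, "too many redirects"

# Constructed sample data standing in for DNS and HTTP responses.
DNS = {"status.example.com": ["93.184.216.34"], "mixed.example.com": ["93.184.216.34", "127.0.0.1"]}
REDIRECTS = {"https://status.example.com/old": "/new", "https://status.example.com/hop": "http://10.0.0.5/"}
resolve = lambda host: DNS.get(host, [])
```

In a real fetcher the connection must be made to the address that was validated, otherwise a second DNS lookup at connect time can return a different answer than the one that was checked.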

Logging and support data minimization

  • Request IDs are used for correlation across logs, alerts, and UI.
  • Operational failures use sanitized logging instead of unrestricted raw dumps.
  • Support intake excludes auth headers, cookies, snapshot payloads, and webhook URLs.

Operational visibility should not require broad exposure of sensitive request data.

Retention and deletion

DiffMon applies plan-based retention to keep monitoring history bounded:

  • Free - 3 days
  • Hobby - 30 days
  • Pro - 180 days
  • Business / Enterprise - custom, where configured

When retention expires, payload blobs are deleted while some operational metadata can remain for integrity, continuity, or audit purposes. Deletion workflows for monitors, workspaces, and accounts are also subject to contractual and legal obligations, including limited backup windows. See Retention, Sensitive monitor data, and the Data Processing Agreement.

  • Primary application hosting and the primary database are in the EU (Frankfurt, Germany).
  • Object storage and transactional email delivery may use EU or US regions depending on provider configuration.
  • Customer-selectable data residency is not currently documented as available.
  • Privacy and processing terms are documented in the Privacy Policy, Subprocessors, and Data Processing Agreement.
  • Where personal data is processed outside the EU/EEA, DiffMon relies on appropriate safeguards such as adequacy decisions, the EU-US Data Privacy Framework where applicable, and/or Standard Contractual Clauses.

Security contact

For security documentation requests, privacy questions, DPA requests, or to report a security concern, contact [email protected].