Last updated: 7 April 2026
Privacy Policy
This privacy policy explains how we collect, use, store and protect your personal data when you use the ACS Monitor website and services. It applies to all visitors and users of acsmon.com and the ACS Monitor licensing, download and API services. This policy is compliant with the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation as incorporated by the UK Data Protection Act 2018, and the EU ePrivacy Directive (Directive 2002/58/EC).
1. Who We Are
This website and service is operated by Anglia Computer Solutions Business Limited ("we", "us", "our"), trading as ACS Monitor Cloud. We are the data controller responsible for your personal data.
We provide network and infrastructure monitoring software and related licensing, billing and download services at acsmon.com.
If you have any questions about this privacy policy or how we handle your data, you can contact us at support@acsmon.com.
2. What Data We Collect
We collect and process the following categories of personal data:
Account Data
When you register for an account, we collect your name, email address, company name (optional) and phone number (optional). We also store a securely hashed version of your password. If you enable two-factor authentication, we store an encrypted TOTP secret and recovery codes.
Server Data
When you register a monitoring server, we collect the server name, hostname, and IP address. We generate and store a unique license key and a time-limited install token for each server. We also record the operating system name and version, and the ACS Monitor application version installed on your server.
Usage and Heartbeat Data
Your ACS Monitor instance periodically sends heartbeat data to our licensing server. This includes device count, service monitor count, application version, operating system name and version, CPU usage percentage, memory usage percentage, and disk usage percentage.
Payment and Billing Data
Payments are processed securely by Stripe. We do not store your credit or debit card details on our servers. We store your Stripe customer ID and subscription details (plan, status, billing period, current period start and end dates) to manage your account and billing.
Support Ticket and Feedback Data
If you submit a support ticket or provide feedback, we collect the content of your message along with your account information and any attachments you provide, in order to respond to your enquiry.
Technical Data
When you visit our website, we may collect technical data including your browser type and version, IP address, referring URL, pages visited and time spent on each page. This data is collected through server logs and, where you have given consent, through Google Analytics.
Cookie and Analytics Data
With your consent, we use Google Analytics (measurement ID G-JS5S9TX0GF) to collect anonymised data about how visitors use our website. This includes pages visited, session duration, bounce rate and general geographic location. See Section 5 below for full details on cookies and tracking.
3. Lawful Basis for Processing
We process your personal data under the following lawful bases as defined by Article 6 of the UK GDPR and EU GDPR:
Contract Performance (Article 6(1)(b))
We process your account data, server data, usage data and billing data as necessary to perform our contract with you. This includes providing the ACS Monitor licensing service, validating your license key, enforcing tier-based device and monitor caps, managing your subscription, delivering software updates and install scripts, and processing payments.
Legitimate Interest (Article 6(1)(f))
We process certain data where we have a legitimate interest in doing so, provided this does not override your fundamental rights and freedoms. This includes processing server IP addresses and usage patterns to detect and prevent fraud and abuse (such as free tier circumvention), maintaining the security and integrity of our service, and using aggregated and anonymised usage data to improve our product and services.
Consent (Article 6(1)(a))
We rely on your explicit consent for the use of analytics cookies (Google Analytics) and for sending marketing communications such as product updates, news and promotional offers. You can withdraw this consent at any time — see Sections 5 and 9 for details on how to do so.
Legal Obligation (Article 6(1)(c))
We are required to retain certain financial and billing records to comply with UK tax law (HMRC requirements) and other applicable regulatory obligations. We may also be required to disclose personal data to law enforcement or regulatory authorities where legally compelled to do so.
4. How We Use Your Data
- Validating your license key and enforcing tier-based device and monitor caps
- Processing subscription payments and managing billing cycles
- Generating and serving install scripts and software downloads
- Responding to support tickets and feedback
- Monitoring server health and usage to provide service status information
- Detecting and preventing abuse, including IP-based tracking to identify free tier circumvention
- Sending transactional emails (account verification, password resets, billing receipts, license notifications)
- Sending marketing communications (only with your explicit consent)
- Analysing website usage to improve our service (only with your cookie consent)
- Complying with legal and regulatory obligations
5. Cookies and Tracking
Cookies are small text files placed on your device when you visit our website. We use cookies in accordance with the EU ePrivacy Directive (Directive 2002/58/EC) and the UK Privacy and Electronic Communications Regulations 2003 (PECR). We categorise our cookies as follows:
Essential Cookies
These cookies are strictly necessary for the website to function and cannot be switched off. They do not require your consent under the ePrivacy Directive.
| Cookie | Purpose | Duration |
|---|---|---|
XSRF-TOKEN |
Protects against cross-site request forgery (CSRF) attacks on form submissions | 2 hours |
laravel_session |
Maintains your authenticated session while you are logged in | 2 hours |
cookie_consent |
Stores your cookie consent preference (localStorage) | Persistent |
Analytics Cookies (Consent Required)
These cookies are only set if you give your explicit consent via our cookie consent banner. They help us understand how visitors interact with our website by collecting and reporting information anonymously.
| Cookie | Purpose | Duration | Set by |
|---|---|---|---|
_ga |
Distinguishes unique users by assigning a randomly generated number as a client identifier. Used to calculate visitor, session and campaign data for analytics reports. | 2 years | Google Analytics |
_ga_JS5S9TX0GF |
Used by Google Analytics 4 to persist session state across page loads. | 2 years | Google Analytics |
_gid |
Distinguishes unique users for the current 24-hour period. Used to throttle request rate. | 24 hours | Google Analytics |
Google Consent Mode v2
We implement Google Consent Mode v2 on this website. By default, analytics storage and ad storage are set to denied. This means Google Analytics cookies are not set and no tracking occurs until you actively consent via our cookie banner. When you grant consent, the consent state is updated to granted and Google Analytics begins collecting data. If you decline or do not interact with the banner, no analytics cookies are placed on your device.
How to Opt Out of Analytics Cookies
You can opt out of Google Analytics cookies at any time by:
- Clicking "Decline" or withdrawing consent on our cookie consent banner
- Clearing the
cookie_consententry from your browser's localStorage (this will cause the consent banner to reappear) - Adjusting your browser settings to block cookies from
googletagmanager.comandgoogle-analytics.com - Installing the Google Analytics Opt-out Browser Add-on
We do not use advertising cookies, social media tracking cookies, or any other third-party tracking cookies beyond Google Analytics.
6. Google Analytics
We use Google Analytics 4 (GA4) with measurement ID G-JS5S9TX0GF to analyse how visitors use our website. Google Analytics uses cookies to distinguish users and collect information about page views, session duration, traffic sources and general user behaviour.
We have enabled IP anonymization (data redaction) so that your full IP address is never stored by Google Analytics. Your IP address is truncated within EU/EEA member states (or the UK) before transmission to Google servers.
Google Analytics data is processed by Google LLC, headquartered in the United States. Google participates in and has certified its compliance with the EU-US Data Privacy Framework. This provides an adequate level of data protection for transfers of personal data from the EU/EEA and UK to the United States.
Google Analytics cookies are only activated when you provide your explicit consent via our cookie consent banner (see Section 5). You can opt out at any time using the methods described above.
For more information about how Google collects and processes data, please see the Google Privacy Policy and How Google uses information from sites that use its services.
7. Third-Party Data Processors
We share your data with the following third-party service providers who process data on our behalf or as independent controllers. Each processor has been selected for their compliance with applicable data protection standards.
| Provider | Purpose | Data Shared | Compliance |
|---|---|---|---|
| Stripe | Payment processing | Name, email, payment card details (entered directly into Stripe), subscription details | PCI DSS Level 1, EU-US Data Privacy Framework. See Stripe Privacy Policy. |
| Google LLC | Website analytics (Google Analytics 4) | Anonymised browsing data, truncated IP address, cookie identifiers (consent required) | EU-US Data Privacy Framework. See Google Privacy Policy. |
| Email provider | Transactional email delivery (SMTP) | Recipient email address, email content (account verification, password resets, billing receipts, notifications) | Data processing agreement in place |
We do not sell, rent or trade your personal data to any third parties. We do not use your data for advertising purposes.
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our specific retention periods are:
| Data Category | Retention Period |
|---|---|
| Account data | Retained while your account is active. Permanently deleted within 30 days of account deletion. |
| Heartbeat and usage data | Retained for 12 months, then automatically deleted. |
| Payment and billing records | Retained for 7 years as required by UK tax law (HMRC). |
| Analytics data (Google Analytics) | Retained for 14 months (Google Analytics default retention period), then automatically deleted by Google. |
| Support tickets | Retained for 24 months after the ticket is closed, then deleted. |
When you delete your account, all associated personal data (except billing records required by law) is permanently deleted within 30 days.
9. Your Rights Under UK GDPR and EU GDPR
Under Articles 15 to 22 of the UK GDPR and EU GDPR, you have the following rights in relation to your personal data:
- Right of access (Article 15) — you can request a copy of all personal data we hold about you. A data export feature is available in your account profile settings.
- Right to rectification (Article 16) — you can request correction of inaccurate or incomplete personal data. You can also update your account details directly in your profile.
- Right to erasure (Article 17) — you can request deletion of your personal data ("right to be forgotten"), subject to any legal obligations that require us to retain certain records (such as billing records for tax purposes).
- Right to restrict processing (Article 18) — you can request that we limit how we process your data in certain circumstances, such as while we verify the accuracy of data you have contested.
- Right to data portability (Article 20) — you can request your personal data in a structured, commonly used, machine-readable format (such as JSON or CSV) and have it transmitted to another controller.
- Right to object (Article 21) — you can object to processing of your personal data where we rely on legitimate interest as the lawful basis, and we will cease processing unless we demonstrate compelling legitimate grounds.
- Right to withdraw consent (Article 7(3)) — where processing is based on your consent (such as analytics cookies or marketing emails), you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
- Right not to be subject to automated decision-making (Article 22) — we do not make any decisions based solely on automated processing that produce legal or similarly significant effects on you.
To exercise any of these rights, please contact us at support@acsmon.com or submit a request via our support ticket system. We will respond within 30 days (or one calendar month as required by the GDPR). We may ask you to verify your identity before processing your request.
Right to Lodge a Complaint
If you are not satisfied with how we handle your personal data or our response to your request, you have the right to lodge a complaint with a supervisory authority. In the UK, the relevant authority is the Information Commissioner's Office (ICO) — visit ico.org.uk or call 0303 123 1113. If you are located in the EU/EEA, you may also lodge a complaint with the supervisory authority in your country of residence.
10. International Data Transfers
Our servers are located in the United Kingdom. However, some of the third-party services we use are operated by companies based in the United States. This means your personal data may be transferred to and processed in the US in the following circumstances:
- Google LLC (Google Analytics) — anonymised analytics data may be processed on Google servers in the US. Google is certified under the EU-US Data Privacy Framework, which provides an adequate level of data protection as recognised by the European Commission.
- Stripe, Inc. — payment data may be processed by Stripe in the US. Stripe is certified under the EU-US Data Privacy Framework and maintains appropriate safeguards as detailed in their privacy policy.
Where personal data is transferred outside the UK or EEA, we ensure that appropriate safeguards are in place in accordance with Chapter V of the UK GDPR and EU GDPR, including adequacy decisions, the EU-US Data Privacy Framework, or Standard Contractual Clauses (SCCs) where applicable.
11. Data Security
We take the security of your data seriously and implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. All data is encrypted in transit using TLS (HTTPS). Sensitive data such as license keys and two-factor authentication secrets are encrypted at rest. Passwords are stored using strong one-way hashing algorithms. Access to production systems is restricted to authorised personnel only, protected by SSH key authentication and two-factor authentication.
12. Children
Our service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at support@acsmon.com and we will take steps to delete such information promptly.
13. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, legal requirements or regulatory guidance. If we make material changes, we will notify you by email using the address associated with your account and update the "Last updated" date at the top of this page. We encourage you to review this page periodically. Your continued use of the service after any changes constitutes acceptance of the updated policy.
14. Contact Us
If you have any questions about this privacy policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us:
Anglia Computer Solutions Business Limited
Email: support@acsmon.com
Support tickets: https://www.acsmon.com/tickets