Data Privacy and GDPR Compliance

Data Collection

Server Scout collects server performance metrics to provide comprehensive monitoring capabilities. The data we collect includes:

  • System metrics: CPU usage, memory utilisation, disk space and I/O, network traffic
  • Performance data: System load averages, running services status
  • Optional monitoring: Process lists, network connections, and system details such as hostname and OS version

All data collection is focused purely on server performance and health monitoring.

What We Don't Collect

Server Scout is designed with privacy in mind. We explicitly do not collect:

  • File contents or directory listings from your servers
  • User data from applications running on your servers
  • Passwords, API keys, or authentication credentials
  • Personal data of server users or website visitors
  • Application logs or database contents
  • Email contents, web server logs, or application-specific data

Our Bash agent operates with minimal permissions and focuses solely on system-level performance metrics.

Data Storage and Residency

All Server Scout data is stored on EU-hosted infrastructure, ensuring data residency remains within the European Union. This provides additional protection under GDPR and ensures your server monitoring data never leaves EU jurisdiction.

The infrastructure is professionally managed with enterprise-grade security measures, including encryption at rest and comprehensive access controls.

Data Retention Policy

Server Scout employs an automated data retention policy designed to balance monitoring effectiveness with privacy:

  • Raw metrics: Kept for 24 hours to provide real-time monitoring
  • 1-minute averages: Retained for 7 days for short-term analysis
  • Older data: Automatically pruned from our systems

This approach ensures you have access to recent detailed data whilst minimising long-term data storage.

Encryption and Security

Data security is fundamental to Server Scout's architecture:

  • TLS encryption in transit: All communication between the agent and dashboard uses TLS encryption
  • Encryption at rest: Stored data is encrypted using industry-standard methods
  • Agent integrity: SHA-256 verification ensures agent authenticity
  • Session security: HttpOnly cookies and SSRF-protected webhooks

These measures protect your monitoring data throughout its lifecycle.

GDPR Rights and Compliance

As a GDPR-compliant service, Server Scout respects your data protection rights:

Your GDPR Rights

  • Right to access: You can request a copy of all data we hold about your servers
  • Right to erasure: Account deletion automatically removes all associated monitoring data
  • Right to data portability: You can request your data in a machine-readable format
  • Right to rectification: Incorrect data can be corrected through your dashboard

Data Controller Relationship

Server Scout operates as a data processor on your behalf. You remain the data controller for the server monitoring data. This means:

  • You determine what data to monitor through your agent configuration
  • You control data access through user permissions in your dashboard
  • You decide when to delete data by managing your account

Exercising Your Rights

To exercise any GDPR rights or raise data protection queries:

  1. Log into your Server Scout dashboard at app.serverscout.ie
  2. Create a support ticket through the built-in ticketing system
  3. Specify which GDPR right you wish to exercise
  4. Our support team will respond within business hours (Monday to Friday, Irish timezone)

For account deletion requests, all associated monitoring data is automatically purged from our systems.

Third-Party Data Sharing

Server Scout does not share your monitoring data with third parties. Your server performance metrics remain strictly confidential and are used solely to provide the monitoring service you've subscribed to.

Contact for Data Protection Queries

For specific data protection questions or to exercise your GDPR rights, please contact us through the support ticket system in your dashboard. Our team will address GDPR-related requests promptly during business hours.

Server Scout is committed to maintaining the highest standards of data protection whilst providing effective server monitoring for your infrastructure.

Frequently Asked Questions

What server data does ServerScout collect for monitoring?

ServerScout collects system performance metrics including CPU usage, memory utilisation, disk space and I/O, network traffic, system load averages, and running services status. Optional monitoring includes process lists, network connections, hostname and OS version. All data collection focuses purely on server performance and health monitoring.

Does ServerScout collect personal data or file contents from my servers?

No, ServerScout explicitly does not collect file contents, directory listings, user data from applications, passwords, API keys, personal data of users or visitors, application logs, database contents, email contents, or web server logs. The Bash agent operates with minimal permissions and focuses solely on system-level performance metrics.

How long does ServerScout retain my monitoring data?

ServerScout uses an automated retention policy: raw metrics are kept for 24 hours for real-time monitoring, 1-minute averages are retained for 7 days for short-term analysis, and older data is automatically pruned from the systems. This balances monitoring effectiveness with privacy protection.

Where is ServerScout monitoring data stored?

All ServerScout data is stored on EU-hosted infrastructure, ensuring data residency remains within the European Union. This provides additional GDPR protection and ensures your server monitoring data never leaves EU jurisdiction. The infrastructure uses enterprise-grade security with encryption at rest and comprehensive access controls.

What GDPR rights do I have with ServerScout?

You have the right to access (request copies of your data), erasure (automatic data removal upon account deletion), data portability (receive data in machine-readable format), and rectification (correct incorrect data through your dashboard). ServerScout operates as a data processor while you remain the data controller.

How do I exercise my GDPR rights with ServerScout?

Log into your ServerScout dashboard at app.serverscout.ie, create a support ticket through the built-in system, specify which GDPR right you wish to exercise, and the support team will respond within business hours (Monday to Friday, Irish timezone). Account deletion requests automatically purge all associated monitoring data.

Does ServerScout share my monitoring data with third parties?

No, ServerScout does not share your monitoring data with third parties. Your server performance metrics remain strictly confidential and are used solely to provide the monitoring service you've subscribed to. Data privacy and confidentiality are fundamental to the service.

How does ServerScout secure my monitoring data?

ServerScout uses TLS encryption for all communication between the agent and dashboard, encryption at rest for stored data, SHA-256 verification for agent authenticity, and HttpOnly cookies with SSRF-protected webhooks for session security. These measures protect your data throughout its entire lifecycle.

Was this article helpful?

Related Articles