Why consider EU-hosted uptime monitoring
· 9 min read
Your monitoring data contains sensitive information about your infrastructure. Where it is stored affects GDPR, data sovereignty and operational risk.
What a monitoring database contains
Uptime monitoring holds sensitive data that people rarely think about:
- A list of all your critical URLs and IP addresses.
- Outage timestamps with server response details.
- Check configurations (custom headers, expected keywords, SSL details).
- Escalation contacts - on-call phone numbers, Telegram chat IDs, webhook URLs.
- Response logs - status dumps, error strings, server IP addresses.
For an attacker this is a recon map of your infrastructure. For you it is a list of things you must never lose or accidentally leak.
Schrems II and US services
Since 2020 (the Schrems II ruling of the EU Court of Justice), transfers of personal data to the US are no longer covered by the standard Privacy Shield agreement (invalidated by Schrems II in July 2020). Currently (06/2026) the EU-US Data Privacy Framework adopted on 10 July 2023 applies; it was challenged in a lawsuit (the Latombe case) filed in September 2023; the EU General Court dismissed it on 3 Sept 2025, but NOYB has signalled its own broader lawsuit - the long-term sustainability of the DPF remains uncertain. For a GDPR-compliant operation this means that using a US monitoring service requires:
- A proper analysis of why you are transferring data to a third country.
- Standard Contractual Clauses (SCCs) with the US provider.
- Supplementary measures - typically encryption of data in transit as well.
- A DPIA (Data Protection Impact Assessment) if sensitive data is involved.
In practice many companies neglect this. Most European firms use UptimeRobot or Pingdom even though their monitoring contains the URLs of production systems and contacts for on-call engineers. At the first serious GDPR audit it all comes to light.
Second reason: the US CLOUD Act
Regardless of GDPR, the US has the CLOUD Act in force since 2018. It allows US authorities to request data from US companies without the data owner's knowledge and regardless of whether the data is stored in the US or in another region (including EU datacentres of US companies).
This means that, from the CLOUD Act's point of view, even Pingdom's EU region is equivalent to a US region as long as it is a US company. Jurisdiction is governed by company ownership, not the physical location of the server.
Third reason: operational risk
US services bill in USD. With a strong dollar you pay more, with a weak one less, so the exchange rate concerns you every month. EU providers bill in EUR.
On top of that: when you have a problem, US support replies in English and with a 6-9 hour time difference. EU providers can reply to you in your own language during business hours.
ePulz.io in brief
ePulz.io is uptime monitoring with 3 worker nodes: primary in Liptovský Hrádok, eu2 in Liptovský Mikuláš, eu1 in Bratislava. Here is exactly what it supports today:
Monitor types (12 types): - HTTP / HTTPS (with timing breakdown - DNS, connect, TLS, TTFB, download) - SSL certificates (expiry, issuer, chain) - TCP port - ICMP ping - DNS records (A, AAAA, MX, TXT, CNAME, NS) - Domain expiration (WHOIS) - Heartbeat (for cron jobs and background processes) - Visual regression (screenshot diff) - Browser monitoring (real headless Chromium) - Multi-step / JSONPath checks (available on the Profi and Business plans) - LAN monitors (via a pull-agent inside your network)
Notifications: - E-mail (SMTP) - Telegram (per-user pairing, plus an admin channel) - Webhook with HMAC-SHA256 signature (global and per-monitor override; auto-detect for Slack, Discord, Microsoft Teams)
Other features: - Public status pages - Multi-region consensus voting across 3 worker nodes for HTTP, TCP and ping checks (Liptovský Hrádok, Liptovský Mikuláš, Bratislava; default threshold 2 of 3) - Worker bundle generator for self-hosting additional regional workers - 14-language UI (sk, cs, en, de, pl, hu, fr, es, it, pt, nl, ru, uk, tr) - free public tools (SSL, headers, DNS, WHOIS, IP geo, DNS propagation, ping, ports and more)
Pricing (verified 06/2026): - Trial: 7 days, 3 monitors, free, no payment card - Standard: 4 EUR/mo, 15 monitors, 5-min interval, 30 days history - Profi: 9 EUR/mo, 25 monitors, 2-min interval, 90 days history - Business: 27 EUR/mo, 100 monitors, 1-min interval, 365 days history, visual regression
Hosted in Liptovský Hrádok (primary), Liptovský Mikuláš (eu2) and Bratislava (eu1); the data never leaves the EU.
When a US service is fine
Let us be honest - GDPR has its nuances. If you monitor:
- Static websites with no personal data (blog, marketing).
- An API that has no customer data in its URLs or headers.
- Internal tools for a team that runs entirely in the US.
Then a US service is fine - GDPR does not apply.
If you monitor:
- Healthcare, financial or government systems.
- B2B SaaS with European customers.
- E-commerce with a European clientele.
- Any application where the monitoring contains endpoints with personal data (or even IDs that can be matched to personal data).
In these cases an EU-hosted service makes practical sense.
Migration
If you decide to move from UptimeRobot or Pingdom to an EU service, the process is straightforward:
- Export the list of monitors (URLs, intervals, expected status codes).
- Import them into the new service (most support CSV).
- Set up notifications to the new channels.
- Run in parallel for 1-2 weeks and compare results.
- Once stable, switch off the old provider.
For 20-30 monitors this is 2-4 hours of work.
Related
Try ePulz.io free - 7 days, no credit card needed.
Create account