Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Pingdom is a website monitoring service operated by SolarWinds (US) that provides uptime monitoring, page speed testing, Real User Monitoring (RUM), and transaction monitoring. While basic uptime checks do not involve end user data, the RUM feature deploys a JavaScript snippet that collects visitor performance metrics and sets cookies, requiring GDPR consent. All monitoring data is stored on US infrastructure.
Pingdom is a website and application monitoring service now operated by SolarWinds Worldwide LLC, headquartered in Austin, Texas. Originally a Swedish company founded in 2007, Pingdom was acquired by SolarWinds in 2014. The platform provides uptime monitoring (HTTP, HTTPS, TCP, DNS, SMTP, POP3, IMAP checks from global probe locations), page speed testing, Real User Monitoring (RUM) via a JavaScript snippet, and transaction monitoring for multi step workflows. Pingdom is widely used by operations teams to ensure website availability and performance.
Pingdom''s data collection varies by feature. Uptime monitoring probes make server to server HTTP requests and do not interact with end user browsers or set cookies. Page speed tests analyse page structure without collecting visitor data. However, the Real User Monitoring (RUM) feature deploys a JavaScript snippet on website pages that collects visitor performance data including page load times, browser type and version, operating system, screen resolution, geographic location (derived from IP address), and connection type. The RUM snippet sets a cookie (_pingdom_rum) to track performance across page views within a session. The Pingdom dashboard (my.pingdom.com) sets authentication and analytics cookies for account management.
The GDPR implications of Pingdom depend on which features are used. Basic uptime monitoring involves no visitor personal data as probes make direct server requests. However, RUM collects data from real visitors'' browsers, including IP addresses (which are personal data under GDPR) and device fingerprinting data. SolarWinds provides a DPA with SCCs for international transfers. The platform holds SOC 2 Type II and ISO 27001 certifications. As RUM data is stored on US infrastructure with no EU data residency option, organisations using RUM must assess whether the performance data collected constitutes personal data processing requiring GDPR safeguards.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Uptime monitoring does not require consent as it involves no visitor data processing. Page speed tests similarly require no consent. However, Real User Monitoring requires consent under both the ePrivacy Directive (for the RUM cookie) and GDPR (for collecting visitor IP addresses and device data). The RUM JavaScript snippet should only load after the visitor provides consent via a cookie management platform. Organisations should classify the _pingdom_rum cookie as a performance or analytics cookie in their consent banner and allow visitors to opt out. Without RUM, Pingdom can operate entirely without any consent requirements.
SolarWinds is headquartered in Austin, Texas, and Pingdom monitoring data is stored on US infrastructure. Monitoring probes operate from locations worldwide (North America, Europe, Asia Pacific, South America), but the probe locations are used for generating test requests, not for storing data. RUM data collected from visitor browsers is transmitted to and stored on US servers. No EU data residency option is available. International transfers are covered by SCCs in the SolarWinds DPA. Organisations should note that while the monitoring itself may originate from EU probes, all results and analytics are centralised in US data centers.
To achieve GDPR compliance with Pingdom: execute the SolarWinds DPA. If using RUM, implement a cookie consent banner that blocks the RUM JavaScript snippet until consent is given. Classify the _pingdom_rum cookie in your consent management platform under performance or analytics categories. Add Pingdom RUM to your cookie policy with details about the data collected. If RUM is not essential, consider using uptime monitoring only, which involves no visitor data and requires no consent. For the Pingdom dashboard, ensure account access is restricted to authorised personnel. Configure alert notifications to avoid including personal data in monitoring alerts. Include Pingdom in your Records of Processing Activities, distinguishing between uptime monitoring (no personal data) and RUM (visitor performance data).
Websites using Pingdom (Uptime Monitoring) must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended if using Pingdom RUM (Real User Monitoring) which collects visitor browser data. Key areas: the RUM JavaScript snippet collects visitor IP addresses, browser type, device information, page load times, and geographic location. Uptime monitoring probes do not collect visitor data. Transaction monitoring scripts may interact with application forms. All data is stored on US infrastructure. Assess the scope of visitor data collected via RUM and whether it constitutes personal data profiling.
Sample consent text
This site uses Pingdom Real User Monitoring to measure page performance. This service collects anonymised performance data including page load times and browser information. Data is processed by SolarWinds on servers in the United States. By accepting, you consent to this performance monitoring. You can opt out at any time via our cookie settings.
Third-party domains contacted
www.pingdom.commy.pingdom.comapi.pingdom.comrum-static.pingdom.netrum-collector.pingdom.netCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _pingdom_rum | analytics | Session | Real User Monitoring cookie tracking page load performance metrics within a visitor browsing session. |
| pingdom_session | authentication | Session | Maintains the authenticated session for the Pingdom dashboard (my.pingdom.com). |
| pingdom_csrf | security | Session | CSRF protection token for dashboard operations and account management. |
| _ga | analytics | 2 years | Google Analytics cookie on the Pingdom website tracking visitor behaviour. |
Pingdom (Uptime Monitoring) collects user analytics data — you legally need a consent banner. Try FlowConsent free.
Uptime monitoring sets no cookies on visitor browsers. However, the Real User Monitoring (RUM) feature sets a _pingdom_rum cookie to track page load performance within a visitor session. The Pingdom dashboard (my.pingdom.com) sets authentication and analytics cookies for account management.
Not for uptime monitoring (server to server, no visitor data). Yes for RUM: the JavaScript snippet collects visitor IP addresses, browser data, and sets a cookie, requiring both ePrivacy and GDPR consent. The RUM script should only load after consent is given.
Uptime monitoring uses legitimate interest (Art. 6(1)(f)) as no visitor personal data is involved. RUM requires consent (Art. 6(1)(a)) for collecting visitor performance data. Dashboard access for employees relies on contract performance or legitimate interest.
Yes. SolarWinds is US based and all monitoring data is stored on US infrastructure. Probes operate globally but results are centralised in US data centers. No EU data residency option. Transfers covered by SolarWinds DPA with SCCs.
Only if using RUM, which collects visitor browser data at scale. Uptime monitoring alone does not require a DPIA. If RUM is deployed across high traffic websites, assess the scope of visitor data collected, the IP address processing, and US storage implications.
Execute the SolarWinds DPA. For RUM: implement cookie consent blocking the script until consent is granted. Classify _pingdom_rum as a performance cookie. Add RUM details to your cookie policy. For uptime only: no visitor facing compliance measures are needed. Restrict dashboard access and document Pingdom in your processing records.
For uptime monitoring: Uptime Kuma (open source, self hosted), Hetrixtools (with EU options), Checkly (EU friendly monitoring). For RUM alternatives: Plausible Analytics (EU hosted, privacy first), Matomo (self hosted), or browser native Performance API metrics collected server side. Self hosted monitoring eliminates third party data processing.
If using RUM, add the _pingdom_rum cookie to your cookie policy specifying its purpose (performance measurement), duration (session), and that data is processed by SolarWinds in the US. Classify it under performance or analytics. Provide opt out controls. If using uptime monitoring only, no cookie policy entry is needed as no visitor cookies are set.