Status
Live operational truth for deny.sh. The API health endpoint is pinged from your browser so this page reflects right-now status, not a cached read. A formal status page with multi-region uptime tracking and historical incident records is on the post-launch roadmap.
// live
Service health
Pinged client-side against /api/health each time you load this page.
For programmatic checks, hit /api/health directly. Returns {"status":"ok","db":"ok"} when healthy. The endpoint is public, unauthenticated, and minimal by design (no version fingerprinting, no PM2 metadata, no uptime numbers).
// posture
Certifications + posture
Full context: /compliance · /trust.
// subprocessors
Subprocessors and data regions
Vendors that process customer data on our behalf, where they sit, and what they handle. International transfer mechanism is detailed at /privacy#international-transfers.
| Subprocessor | Role | Region |
|---|---|---|
| DigitalOcean | Production droplet, application hosting and storage | London (LON1) |
| Stripe | Payment processing, billing, invoicing | United States (Stripe Inc.) with UK / EU presence |
| Resend | Transactional email delivery (alerts, receipts, magic links) | United States (AWS-hosted) |
| Cloudflare | DNS only (no traffic proxying, no edge caching of customer data) | Global anycast |
| Amazon Web Services | BYOK envelope encryption (customer-opt-in only) and Secrets Manager custodian (customer-opt-in only). No deny.sh-owned AWS account holds customer data. | Customer-elected AWS region |
| BlockMark Registry / IASME Consortium | Cyber Essentials certificate issuance and registry (no customer data) | United Kingdom |
Subprocessor change notification today: any addition or change is announced on this page within seven calendar days. A formal RSS / email subscription for subprocessor changes is on the post-launch roadmap.
// incidents
Last incident
NONE PUBLICLY RECORDED
deny.sh opens its open beta Saturday 4 July 2026 at 08:00 BST. Pre-beta operational events are not in scope for public incident disclosure. Incidents from the open beta onward will be recorded here with timeline, scope, customer impact, root cause, and remediation. Security findings reported via /disclosure are handled separately under coordinated disclosure.
// honest framing
What this page is not
This is a lightweight ops page, not a full status service. It does not currently provide multi-region uptime tracking, per-component status (encrypt, restore, audit, BYOK, SAML), historical SLA numbers, scheduled-maintenance windows, or an RSS / webhook subscription for status changes. All of that is on the post-launch roadmap. The honest position today is: the service is reachable, the health endpoint says so, and we have no outage to report. If you need more than that, tell us what your procurement team requires.