ConsentMark
Free Scan
Pingdom logo
Performance MonitoringHigh complexity

Pingdom

by pingdom

All product names, logos, and trademarks are the property of their respective owners. Their inclusion here is for identification purposes only and does not imply endorsement by Obscurity Ltd.

Sets cookies
No
Sends PII
No
Cross-site tracking
No
Consent required
Not required

Overview

Real user monitoring (RUM) snippet owned by SolarWinds that collects browser-side performance metrics including page load times, resource timing, and geographic distribution from actual visitors. Often overlooked in governance reviews because it is classified as an operations tool, yet the RUM component executes in visitor browsers and collects data that may constitute personal data under GDPR. The distinction between Pingdom's server-side synthetic monitoring (no personal data) and its client-side RUM (in scope) is frequently misunderstood.

Detection capabilities

Signature count
1
Detection methods
network
Property types
hostnamepathname

Performance impact

Performance Impact

Requests per page
1

Common mistakes

  • 1Assuming Pingdom RUM is purely technical and exempt from consent requirements, when the client-side script collects browser data that may constitute personal data under GDPR (IP addresses, user agent strings, geographic location)
  • 2Deploying the RUM snippet without distinguishing it from synthetic monitoring in the privacy notice - only RUM involves processing visitor data
  • 3Not reviewing SolarWinds' data processing terms following the SolarWinds supply chain attack (2020), which highlighted the importance of vendor security due diligence
  • 4Failing to include Pingdom RUM in the cookie audit, as its cookies and local storage usage are often overlooked alongside more prominent analytics tags
  • 5Loading the RUM snippet on all pages when performance monitoring on a representative sample would be sufficient and more proportionate

Compliance considerations

Pingdom RUM executes JavaScript in the visitor's browser and collects performance metrics that may include IP addresses and browser fingerprint data, which constitute personal data under GDPR. The legal basis depends on implementation: if RUM data is fully anonymised and used solely for service performance, legitimate interest may apply; if it retains identifiable data or is combined with analytics, consent may be required. SolarWinds (Pingdom's parent company) processes data in the United States and is subject to the EU-US Data Privacy Framework. Organisations should assess whether the RUM implementation collects personal data, include it in their CMP if consent is required, and ensure vendor security due diligence reflects SolarWinds' post-incident security improvements.

Related services

Akamai Mpulse

akamai-mpulse

Performance MonitoringLow risk

2 detection signatures

Datadog Rum

datadog-rum

Performance MonitoringLow risk

2 detection signatures

Dynatrace

dynatrace

Performance MonitoringMedium risk

2 detection signatures

Google Fonts

Google

Performance MonitoringLow risk

2 detection signatures

Scan your site for pingdom

Run a free Consentmark scan to see how pingdom is loading on your site, whether it respects consent, and where governance gaps exist across your wider tag estate.

Start a free scan