I built a status page with zero third-party requests. Here's what it took.

Engin Blitz — Mon, 20 Apr 2026 11:58:54 +0000

Most status pages I've audited load between 8 and 15 third-party resources: Google Fonts, analytics beacons, session recorders, icon CDNs, sometimes embedded chat widgets. For a page whose entire job is to communicate "something is broken, stay calm," that's a lot of attack surface — and a lot of DPA paperwork if you sell into the EU.

I'm building FoundersDeck, a GDPR-native monitoring toolkit. When I designed the status page, I set one hard constraint:

The page makes requests to exactly one domain. Its own.

Sounds trivial. It isn't.

The checklist

Here's what had to go:

❌ Google Fonts     → self-hosted WOFF2, subset to Latin
❌ Analytics        → removed from status page entirely
❌ Icon CDN         → inlined SVG sprite
❌ External CSS     → bundled at build
❌ Tracking cookies → none set, no consent banner needed
❌ Session replay   → never added

The stack

SvelteKit with SSR, PostgreSQL, EU hosting, no US subprocessors in the request path. Uptime and heartbeat checks run from EU regions. Fonts are self-hosted and subsetted. Icons are a single inlined SVG sprite.

The page renders server-side. First paint is the full page. No hydration needed to see the current status.

The metrics that actually matter

The old version used colored bars ("all green, all good"). Looked clean, communicated nothing. The new version shows:

MTTR — mean time to recovery
Incident count for the period
Max downtime window (worst single incident)
Average response time
Uptime percentage When something breaks, users want to know how bad and how fast you fix things. Color bars don't answer either question.

Why bother

A status page is the most-linked external page most SaaS products have. It shows up in outage emails, docs, partner dashboards, support tickets. If it leaks data to third parties, that leak is at maximum surface area exactly when customers are already irritated.

For EU buyers, it's also the first page their legal team opens during a DPA review.

Try it

FoundersDeck is live at foundersdeck.dev. Open DevTools on any status page — you'll see one domain in the Network tab.

Happy to answer questions about the SvelteKit SSR setup, the font subsetting, or the EU hosting stack.

I built an EU-hosted monitoring toolkit with SvelteKit – here's how

Engin Blitz — Thu, 09 Apr 2026 12:39:25 +0000

Every SaaS founder needs monitoring. And every time I evaluated a tool, the same pattern emerged: US-hosted, US-hosted, US-hosted.

As an EU-based developer, that's a problem. Not just philosophically – practically. Customers ask where their data lives. GDPR audits require documented data flows. And the US CLOUD Act means your monitoring provider can be compelled to hand over data without you even knowing.

So I built FoundersDeck – an uptime monitoring and status page toolkit hosted entirely in Germany. Here's how.

The Stack

Frontend & Backend: SvelteKit with TypeScript
Build: Vite 8 with Rolldown
Database: PostgreSQL
Runtime: Node.js with adapter-node
Hosting: Netcup VPS in Nuremberg, Germany
Email: Scaleway (French provider)
Payments: Polar.sh (European MoR)
DNS: Cloudflare (DNS only, no proxy – no traffic through US servers)

Total infrastructure cost: ~25€/month. One VPS runs everything.

Architecture: One Process, One Repo

The entire application runs as a single Node.js process. No microservices, no message queues, no Redis. The monitoring worker lives inside the SvelteKit server process.

On startup, the worker loads all active monitors from PostgreSQL and begins checking them at their configured intervals. Each check records:

HTTP status code
Response time in milliseconds
Full error details if the check fails (timeout, SSL error, DNS failure, connection refused)
Timestamp

When a check fails, the system doesn't immediately fire an alert. That would cause too many false positives. Instead, it waits for 2-3 consecutive failures before opening an incident. This prevents alerts from network blips or brief server restarts.

When an incident opens, the configured alert channels fire: an HTTP POST to Slack and Discord webhooks, and an email via Scaleway's SMTP. Zero cost for webhooks – the customer brings their own Slack/Discord workspace.

Status Pages: Separate Layout, Same App

The public status pages are served from the same SvelteKit application but with a completely separate layout. No dashboard CSS, no navigation, no FoundersDeck branding (on paid plans).

Each status page has its own route at /status/[slug] with:

The customer's logo and brand color
Current status of each assigned monitor
90-day uptime bars per monitor
Incident history with error details
Zero cookies, zero tracking, zero third-party requests

Custom domains work via CNAME records pointing to the app. The SvelteKit server checks the incoming hostname and serves the correct status page.

The status pages serve zero cookies and make zero third-party requests. That means no consent banner needed – which is a real differentiator for EU-conscious customers.

Data Retention as a Business Model

Every check creates a row in the database. At 60-second intervals, one monitor generates 1,440 rows per day. Scale that to thousands of monitors and the database grows fast.

The solution: tiered data retention. Free tier keeps 7 days of check history. Starter keeps 30 days. Pro keeps 90 days. Business keeps 365 days. A cleanup job runs daily and removes expired data.

This is also the natural upsell trigger. Once a customer wants to see trends over months instead of days, they upgrade.

What I Learned

Start with one VPS. I spent zero time on infrastructure decisions. No Kubernetes, no Docker Compose, no load balancer. Just node build/index.js behind a reverse proxy. A single 4-core VPS can handle tens of thousands of monitors.

Webhooks are free infrastructure. Slack and Discord webhooks cost nothing. The customer configures their own webhook URL, and you send a POST request. No Twilio bills, no SMS credits, no API keys on your side.

The EU angle is real. I built this primarily for myself, but the positioning as an EU-native tool resonated immediately. There's genuine demand from founders who want to know where their data lives – especially in 2026 with the digital sovereignty discussion accelerating across Europe.

Don't over-engineer the MVP. No AI, no machine learning, no external API dependencies. The entire app is SvelteKit + PostgreSQL + Node.js. If my VPS goes down, there's exactly one thing to fix.

Try It

FoundersDeck is live with a free tier (5 monitors, 1 status page, email alerts, no credit card).

Website: foundersdeck.dev
Live status page (dogfooding): status.foundersdeck.dev
Trust & compliance details: foundersdeck.dev/trust

Happy to answer any questions about the architecture or the EU hosting setup.

DEV Community: Engin Blitz