Privacy Policy

Last updated: May 1, 2026

1. Introduction

CertNotify ("we", "us", "our") operates certnotify.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. Please read this policy carefully. By using CertNotify, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information: When you sign in with Google, we receive your name, email address, and Google profile photo via Google OAuth. We store your name and email address in our database to identify your account.

Domain Data: We collect the domain names you add to your account for monitoring purposes. We do not collect or store private keys, certificate contents, or server credentials of any kind.

Usage Data: We collect standard server logs including IP addresses, browser type, pages visited, and timestamps. This data is used for security and service improvement purposes and is not sold to third parties.

Payment Information: If you subscribe to a paid plan, payment processing is handled entirely by Stripe. We do not store credit card numbers or billing details on our servers.

3. How We Use Your Information

  • To provide and operate the CertNotify monitoring service
  • To send SSL certificate and domain expiry alerts via email or WhatsApp (as configured by you)
  • To manage your account and subscription
  • To communicate service-related notices and updates
  • To detect and prevent fraud or abuse of our service
  • To comply with legal obligations

4. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We share data only with:

  • Stripe: For payment processing on paid plans
  • Google: For authentication via Google OAuth (governed by Google's privacy policy)
  • Vercel: Our hosting provider processes request data as part of delivering our service
  • Law enforcement: When required by valid legal process

5. Data Retention

We retain your account data for as long as your account is active. Domain monitoring records are retained for up to 12 months for historical analysis. If you delete your account, we delete your personal data within 30 days, except where retention is required for legal compliance.

6. Your Rights (GDPR / UK GDPR)

If you are in the European Economic Area or United Kingdom, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests

To exercise these rights, email us at privacy@certnotify.com. We will respond within 30 days.

7. Cookies

We use session cookies for authentication only. We do not use third-party advertising cookies or cross-site tracking. You can disable cookies in your browser, but this will prevent you from staying signed in.

8. Security

We use HTTPS/TLS for all data transmission, encrypt sensitive credentials at rest, and follow security best practices including regular dependency updates and access controls. No system is 100% secure — please report security vulnerabilities to security@certnotify.com.

9. Children's Privacy

CertNotify is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child under 16, contact us immediately at privacy@certnotify.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or a prominent notice on our website at least 14 days before they take effect. Continued use of CertNotify after the effective date constitutes acceptance of the updated policy.

11. Contact

For privacy-related enquiries: privacy@certnotify.com