Dominguard
Scan my exposure

Legal

Privacy Policy

Effective
2026-04-17
Last updated
2026-04-17

This Privacy Policy describes how Dominguard ("we", "us") collects, uses, and shares information when you use the Dominguard service (the "Service").

1. Information we collect

We collect the following categories of information:

  • Account information. The email address you provide when you sign up. We use this address to authenticate you (via magic link), to send service notifications, and to contact you for support.
  • Billing information. When you purchase a paid plan, Stripe collects and stores your payment details. We receive only the metadata needed to reconcile the order (Stripe customer ID, subscription ID, plan, amount, status). Card numbers never touch our servers.
  • Domain registration data. The handle and TLDs you ask us to protect, and the registrant contact details we pass through to the registrar so the domain can be issued in your name. We store the domain names, the registrar reference, and the renewal dates.
  • Operational logs. Server and application logs (timestamp, request path, status, a short request id) used to run, debug, and secure the Service. Logs are retained for up to 30 days.

We do not use third-party advertising trackers, behavioural analytics that profile individual visitors, or social-media retargeting pixels.

2. How we use information

  • to provide, operate, and improve the Service;
  • to authenticate you and secure your account;
  • to process payments and prevent fraud;
  • to send transactional emails (magic link, receipts, account notifications);
  • to respond to support requests and other communications you initiate;
  • to comply with our legal obligations and enforce our Terms of Service.

We rely on the lawful bases of contract (to provide the Service you signed up for), legitimate interests (to keep the Service running and secure), and consent (where required for optional communications).

3. Email and CAN-SPAM

Transactional emails (magic links, receipts, account notifications) are sent as part of the Service and cannot be unsubscribed from without closing your account. Any marketing email includes a working unsubscribe link and our postal contact information; unsubscribing from marketing does not affect transactional email. You can also opt out by replying to any marketing email.

4. Third-party processors

We share the minimum information needed with the following sub-processors:

  • Stripe (payments): processes your billing details under its own privacy policy.
  • Dynadot (domain registrar): receives the registrant contact details we pass through when registering a domain on your behalf.
  • Cloudflare (DNS, redirects, email routing): hosts DNS zones we create for you and forwards email for domains you protect on the Premium plan.
  • Resend (transactional email): sends magic-link sign-in messages, receipts, and other account notifications on our behalf.
  • Cloud hosting and managed Postgres providers, used to run the Service and store account data. These providers do not have independent access to your data.

We do not sell personal information, and we do not share it with third parties for their own marketing.

5. Data retention

We retain account information for as long as your account is active. If you close your account, we delete or anonymize account data within 90 days, except where we are required by law to keep billing and tax records (typically 7 years). Operational logs are kept for up to 30 days. Domain registration records persist with the registrar and are not deleted by us when your subscription ends; the domains stay registered to you.

6. Security

We encrypt data in transit (HTTPS) and at rest for the database backing the Service. Authentication uses signed session tokens. No security program is perfect; we recommend using a strong, unique email password and keeping your inbox secure, since magic-link sign-in sends the authentication link to your email.

7. Your rights

Depending on where you live, you may have rights to access, correct, export, or delete the personal data we hold about you, and to object to or restrict certain processing. You can exercise these rights by emailing [email protected]. We respond within 30 days. If you are in the EEA, the UK, or Switzerland, you also have the right to lodge a complaint with your local data protection authority.

8. Children

The Service is not directed to, and we do not knowingly collect personal information from, children under 16. If you believe a child has provided us personal information, contact us and we will delete it.

9. International transfers

We operate from the United States. If you use the Service from outside the US, you understand that your information will be transferred to and processed in the US and other countries where our processors operate.

10. Changes to this Policy

We may update this Policy from time to time. The Last updated date above reflects the most recent revision. Material changes will be announced by email or by a notice in the Service at least fourteen (14) days before they take effect.

11. Contact

Questions about this Policy or about our data handling can be sent to [email protected].

See also our Terms of Service.