1. Information We Collect
1.1 Information You Provide
- Account Information: Email address, name, company name when you sign up
- Service Configuration: URLs of APIs you want us to monitor
- Billing Information: Payment details processed by our payment provider (we don't store full payment details)
- Communication: Emails, support tickets, or other communications
1.2 Information We Collect Automatically
- Usage Data: How you interact with our service, pages visited, features used
- Log Data: IP address, browser type, device information, error logs
- Certificate Data: SSL certificate information (issuer, expiry date, public key hashes) from URLs you provide
1.3 Information from Third Parties
When you sign up using OAuth (Google, GitHub, etc.), we receive basic profile information from those services.
2. How We Use Your Information
- To provide and maintain our service
- To send certificate expiry alerts and service notifications
- To process payments and prevent fraud
- To communicate with you about updates, security alerts, or support
- To improve our service and develop new features
- To comply with legal obligations
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), our legal basis for processing is:
- Contract: Processing necessary to provide our service under our Terms
- Consent: Where you have given consent for specific processing
- Legitimate Interests: To improve our service, prevent fraud, and ensure security
- Legal Obligation: To comply with EU laws and regulations
4. Data Sharing and Disclosure
We do not sell your personal information. We may share data with:
- Service Providers: Payment processors, hosting providers, email services
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In connection with a merger, acquisition, or sale of assets
All third parties are contractually obligated to protect your data.
12. Data Processors
- Mochahost - Hosting services, United States
5. Data Retention
We retain data only as needed:
- Account Data: Until account deletion
- Monitoring Data: Until you remove URLs
- Server Logs: 30 days (hosting provider may retain longer for security)
- Billing Data: As required by EU tax laws (minimum 10 years)
6. Your Rights (GDPR)
As an EU resident, you have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your data ("right to be forgotten")
- Restrict or object to processing
- Data portability
- Withdraw consent at any time
To exercise these rights, contact us at privacy@certwatch.dev.
7. Data Security
We implement appropriate technical and organizational measures including:
- Encryption of data in transit (TLS 1.2+) and at rest
- Regular security assessments
- Access controls and authentication
- Secure development practices
Note: Data is stored on servers in the United States with our hosting provider Mochahost.
8. International Data Transfers
Your data may be transferred to and processed in the United States, where our hosting provider is located.
EU/EEA Data Transfer Safeguards:
- We use Standard Contractual Clauses (EU Commission-approved)
- We implement supplementary technical measures
- We conduct due diligence on third-party processors
The United States does not have an adequacy decision from the European Commission. We rely on Article 46 GDPR safeguards for transfers.
9. Children's Privacy
Our service is not intended for children under 16. We do not knowingly collect data from children.
10. Cookies and Tracking
We respect your privacy. We only use:
- Essential Cookies: For login, preferences and anti-forgery (required)
11. Changes to This Policy
We may update this policy. We will notify you of material changes by email or in-app notification.
12. Contact & EU representative
Data Controller (EU Representative): Vladimir Kocjančič
Address: Dolenjska cesta 94, 1000 Ljubljana, Slovenia
Email: privacy@certwatch.dev
Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.