DomainFortify

Privacy Policy

Last updated: April 25, 2026

1. Who we are

DomainFortify (“we”, “us”, or “our”) operates domainfortify.com — a domain and DNS security monitoring service. This policy explains what personal data we collect, how we use it, and your rights.

2. Information we collect

Account information

When you sign in with Google, we receive your name, email address, and Google profile picture. We do not store your Google password.

Domain data

We store the fully-qualified domain names (FQDNs) you add to your account, the DNS and email security records returned by public resolvers, and change history between scans.

Usage and log data

We collect standard server logs (IP address, browser user-agent, pages visited, timestamps) to operate and secure the service. Logs are retained for 30 days.

Payment information

Billing is processed by Stripe. We receive a Stripe customer ID and subscription status; we never see or store full card numbers or bank details.

3. How we use your information

  • Provide, maintain, and improve the service
  • Send scan change alerts and product notifications to your account email
  • Process payments and manage subscriptions
  • Respond to support requests
  • Detect and prevent abuse or unauthorized access

We do not sell your personal data or share it with third parties for their own marketing.

4. Data sharing

We share data only with the following categories of service providers:

  • Supabase — database and authentication hosting
  • Stripe — payment processing
  • Resend — transactional email delivery
  • Upstash / Redis — scan job queuing

Each provider is contractually bound to use your data only to provide services to us. We may disclose data if required by law or to protect the rights and safety of our users.

5. Data retention

We retain your account and domain data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it longer (e.g. billing records for tax purposes, retained for 7 years).

6. Cookies

We use a single session cookie to keep you logged in. We do not use third-party advertising cookies or cross-site tracking cookies. No cookie consent banner is required for strictly necessary cookies.

7. Your rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data (“right to be forgotten”)
  • Export your data in a portable format
  • Object to or restrict processing

To exercise any of these rights, email us at privacy@domainfortify.com. We will respond within 30 days.

8. Security

All data is transmitted over HTTPS. Database access is protected by row-level security policies enforced at the database layer, ensuring that one organization cannot access another's data. We conduct periodic security reviews.

9. Children

DomainFortify is not directed at children under 16. We do not knowingly collect personal data from anyone under 16.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email or by a notice in the dashboard before they take effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.

11. Contact

Questions about this policy? privacy@domainfortify.com