Privacy Policy
Last updated: March 17, 2026
EasyTLDs ("we", "us", "our") operates easytlds.com (the "Service"). This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights regarding that data.
1. Data We Collect
1.1 Account Data
When you create an account we store your name, email address, and hashed password. If you sign in via Google or GitHub we receive your name, email, and profile picture URL from the OAuth provider. We never receive or store your OAuth password.
1.2 Domain Monitoring Data
When you add a domain to your monitoring dashboard we collect and store:
- The domain name and its DNS, SSL, and WHOIS records
- Uptime check results, response times, and HTTP status codes
- Port and ping check results across monitoring locations
- Registrar name, expiry dates, and renewal cost estimates
This data is associated with your account and used solely to provide the monitoring service.
1.3 API Usage Data
If you use the EasyTLDs API we log your API key identifier, request timestamps, endpoints called, and response status codes for rate-limiting and abuse prevention. We do not log request bodies or full query parameters.
1.4 Analytics & Cookies
We use a first-party, self-hosted analytics system that collects:
- Page URL, referrer, screen size, and browser user-agent
- Session duration and page views
- A random session identifier (not linked to your account)
We set the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
PHPSESSID | Session authentication | Browser session |
currency | Preferred currency (USD/EUR/GBP) | 1 year |
theme | Dark/light mode preference | 1 year |
We do not use Google Analytics, Facebook Pixel, or any third-party tracking scripts.
1.5 Payment Data
Payments are processed by Stripe. We never see or store your full credit card number. Stripe provides us with a customer ID, subscription status, and the last four digits of your card for reference. Stripe's privacy policy applies to payment processing: stripe.com/privacy.
2. How We Use Your Data
- Provide the Service — run uptime checks, send alerts, display price comparisons
- Send notifications — email, Slack, Telegram, or webhook alerts you configured
- Prevent abuse — rate-limit API requests, detect bot registrations
- Improve the Service — analyze aggregate usage patterns to prioritize features
- Communicate — send account-related emails (password reset, plan changes, security notices)
We do not sell, rent, or share your personal data with third parties for marketing purposes.
3. Affiliate Links
Price comparison pages contain affiliate links to domain registrars. When you click a "Register" button, you are redirected through our affiliate tracking URL. The registrar may set their own cookies upon arrival. We earn a commission if you complete a purchase — this does not affect the price you pay.
4. Data Sharing
We share data only in these limited circumstances:
- Stripe — for payment processing (see Section 1.5)
- Google Fonts — your browser loads the Inter font from Google's CDN, which may log your IP address per Google's privacy policy
- Monitoring nodes — domain check requests are sent from our server infrastructure; no personal data is transmitted to monitoring targets beyond the domain name
- Legal obligations — if required by law, court order, or to protect our rights
5. Data Retention
- Account data — retained until you delete your account
- Monitoring data — retained for up to 12 months after the domain is removed from your dashboard
- Analytics data — aggregated and anonymized after 90 days; raw session data deleted after 90 days
- API logs — retained for 30 days
6. Your Rights (GDPR)
If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation:
- Access — request a copy of all personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your account and all associated data
- Portability — receive your data in a structured, machine-readable format
- Restriction — request that we limit processing of your data
- Objection — object to processing based on legitimate interests
To exercise any of these rights, email us at . We will respond within 30 days.
7. Data Security
We protect your data with:
- HTTPS encryption on all connections (TLS 1.2+)
- Bcrypt password hashing with individual salts
- Server-side session management with secure, HTTP-only cookies
- Regular security updates and access controls on our infrastructure
8. Children
EasyTLDs is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users by email if we make material changes. The "Last updated" date at the top of this page indicates the most recent revision.
10. Contact
For privacy-related questions or requests, contact us at: