Privacy Policy

1. Who operates this service

The service is provided by Web X.0 Media LLC, a Washington limited liability company doing business as Notify.domains ("Notify.domains," "we," "us"). Michael Cyger is the founder. Day-to-day monitoring and alerts run on automated infrastructure without a separate support organization reviewing portfolios.

There are no separate customer-support employees or contractors with routine access to customer accounts or monitoring lists. When human access is needed, it is handled as described in Section 8.

2. Information we collect

We collect information in these categories:

• Account and profile data: such as your name, email address, and credentials used to sign in.
• Billing data: subscription status and metadata needed for invoices and payment history. Payment card numbers and related payment-method details are collected and stored by our payment processor (Stripe), not on our servers.
• Domain monitoring data: domain names you add, notification preferences, mute rules, history of tracked attributes (for example registration status, DNS, auction or marketplace signals, HTTP resolution, certificate dates, and similar technical fields), and optional integrations you configure (such as Slack, webhooks, or extra email recipients you invite).
• Communications: messages you send us (for example through contact or support channels), plus related metadata needed to respond.
• Technical and security logs: server and application logs that may include IP addresses, timestamps, user agents, and error information, used to secure the service, troubleshoot, and prevent abuse.
• Cookies and similar technologies: see Section 5.

3. How monitoring uses APIs and external services

All monitoring is automated. Our systems query external sources on a schedule or when you refresh data. Those requests may transmit the domain name being checked (and sometimes related technical identifiers) to the operator of each source. We combine the responses with your account so you can see changes over time and receive alerts.

Examples of external data sources and mechanisms we use include:

• Registration data (RDAP and WHOIS): queries to registry and registrar RDAP/WHOIS endpoints to read public registration and nameserver fields.
• DNS resolution: DNS-over-HTTPS queries via public resolvers to read DNS records for domains that have delegated nameservers.
• Reputation and security signals: API or DNS-based domain blocklist lookup for malware/spam listing signals.
• HTTP and TLS inspection: our servers may request your monitored domain over HTTPS, follow redirects, and record high-level HTTP outcomes (for example whether the site resolves and status codes). When applicable we inspect TLS certificates presented by the domain’s server.
• Auction and aftermarket APIs or endpoints: we may query listing providers and auction platforms to detect whether a name is listed for sale or auction.
• Marketplace and broker listings: we may query marketplace feeds or related APIs including optional enrichment via 123-reg when Afternic returns a listing.
• Screenshots: when conditions are met we may render a screenshot, then store the image in Amazon S3 for display in the product.

Standalone utilities. Some pages (like tools) offer one-off RDAP, WHOIS, DNS, pricing, or blacklist checks. Those pages state whether your query is logged or tied to an account. Unless you sign in and save a domain to monitoring, we do not treat those tools as part of your monitored portfolio.

Important distinction: much of the underlying domain information we retrieve is already public (for example registration summaries or listing pages). What we commit to here is how your Notify.domains account ties those domains to you. We do not publish your personal watch list or sell access to it as marketing data. Individual third parties may still log their own traffic according to their policies when our systems query them.

4. How we use your information

We use personal and monitoring data to:

• Provide monitoring, dashboards, history, and alerts
• Authenticate users and prevent fraud or abuse
• Process subscriptions and billing through Stripe
• Deliver email and optional integrations you turn on (Slack, HTTPS webhooks, extra recipients)
• Operate, secure, debug, and improve reliability of the service
• Respond to support requests and legal notices where required

5. Cookies, local storage, and similar technologies

We use:

• Essential cookies for signed-in sessions and core security (for example WordPress authentication cookies).
• Google reCAPTCHA on certain flows when enabled, to reduce automated abuse. Google may set or read cookies per Google’s policies.
• Local storage for lightweight UI preferences (for example theme choice) where implemented in the front end.

You can control cookies through your browser. Blocking essential cookies may prevent sign-in or parts of the app from working.

6. Third parties and subprocessors

We share data with companies that process it on our behalf or receive it because you route notifications through them. Categories include:

• Payments: Stripe (hosted checkout, billing portal, webhooks).
• Infrastructure and storage: hosting providers for our application and databases. Amazon Web Services (S3) for screenshot storage.
• Email delivery: transactional email as configured for the site (for example through your host or an SMTP provider).
• Monitoring sources: registry, registrar, marketplace, auction, DNS, reputation services, and screenshot APIs described in Section 3.
• Bot protection: Google (reCAPTCHA).

We do not sell your personal information to anyone, including data brokers and advertisers.

7. User-directed sharing

If you connect Slack, a custom HTTPS webhook, or add additional email recipients to alerts, you instruct us to send alert payloads to those destinations. You are responsible for the privacy practices of tools and inboxes you connect.

8. Human access to customer data

Day-to-day monitoring runs automatically on servers without someone reviewing your portfolio by hand. When human access is needed, for example investigating a bug, responding to a support ticket you opened, mitigating abuse, or fulfilling legal obligations, that access is limited to the founder (Michael Cyger) operating the business. We do not maintain a separate tier of support agents with standing access to customer accounts.

Third-party processors listed above may access data only as necessary to provide their services (for example Stripe processing a payment, or AWS storing an object you generated).

9. Security

We use administrative, technical, and organizational measures appropriate to the nature of the service, including encryption in transit for browser access (HTTPS) and protections around servers and credentials. No method of storage or transmission is perfectly secure. If we become aware of an incident that affects your personal information in a material way, we will notify you as required by applicable law.

10. Data retention

We retain account and monitoring data while your account is active and for a reasonable period afterward to resolve disputes, comply with law, and recover from backups. Billing-related records may be kept longer where tax or financial rules require. Security logs are retained for a limited rolling window appropriate to abuse prevention and diagnostics.

You can permanently delete your account from Profile (Delete Account), after confirming your password. Some information may persist in backups or where retention is legally required.

11. Your choices and rights

Depending on where you live, you may have rights to access, correct, delete, or export personal information, and to object to certain processing. You can:

• Update account details in the product where available
• Delete your account from Profile, or contact us if you need help
• Opt out of non-essential email where those controls exist (transactional and security messages may continue)
• Disconnect optional integrations (Slack, webhooks, extra recipients)

To exercise privacy rights, contact us using the details in Section 17. We may need to verify your request.

12. International users

We are based in the United States. If you access the service from another country, your information may be processed and stored in the U.S. or in jurisdictions where our subprocessors operate. Where required, we rely on appropriate mechanisms for cross-border transfers.

13. Children

Notify.domains is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

14. California residents

If California law applies, you may have additional rights regarding personal information (including rights to know, delete, and opt out of certain “sales” or “sharing” as defined under California law). We do not sell personal information for money. For requests, use the contact method in Section 17.

15. Changes to this policy

We may update this policy to reflect product or legal changes. We will post the revised policy on this page and update the “Last updated” date and the document version line under the title. If a change is material, we will provide additional notice where appropriate, for example by email or an in-product message.

Checkout snapshots. When you first pay, we record document versions for the Terms of Service and Refund Policy in your billing acceptance record for disputes and chargebacks. Privacy Policy updates are reflected on this page and in admin export summaries, but they do not retroactively change those stored Terms or Refund version numbers.

16. Governing law

This Privacy Policy is governed by the laws of the State of Washington, United States, without regard to conflict-of-law rules.

17. Contact

For questions about this policy or privacy requests, contact: https://notify.domains/contact?to=legal