Privacy Policy

1.1 Information you provide

• Account data: name, email address, and password (stored as a bcrypt hash).
• Payment data: billing details processed by Stripe. We do not store raw card numbers; Stripe handles PCI-DSS compliance on our behalf.
• Communications: any messages you send to our support team.

1.2 Information collected automatically

• Usage data: pages viewed, features used, domains searched, credits consumed, and timestamps of activity.
• Device and log data: IP address, browser type, operating system, referring URLs, and error logs.
• Cookies and similar technologies: session cookies required for authentication, and analytics cookies (see Section 5).

1.3 Information from third parties

• Stripe: subscription status, payment events, and customer identifiers.
• We do not purchase or receive personal data from data brokers.

We use the information we collect to:

• Create and manage your account and authenticate you.
• Process payments, manage subscriptions, and maintain your credit balance.
• Deliver and improve the Service, including generating AI-powered domain analysis.
• Send transactional emails: email verification, password resets, payment receipts, and subscription notifications.
• Send product updates and promotional communications (you may opt out at any time).
• Monitor for fraud, abuse, and security incidents.
• Comply with legal obligations.
• Aggregate and anonymise data for internal analytics and product improvement.

Where GDPR or equivalent law applies, our legal bases for processing personal data are:

• Contract performance: processing necessary to provide the Service you have signed up for (account management, billing, feature delivery).
• Legitimate interests: fraud prevention, security, product improvement, and direct marketing to existing users — balanced against your interests and rights.
• Consent: marketing communications beyond the existing customer relationship, and non-essential cookies.
• Legal obligation: retention of financial records and compliance with court orders or regulatory requests.

We share personal data only in the following circumstances:

• Service providers: Stripe (payments), Neon (database hosting), Apify (data enrichment), and our email provider — each bound by data processing agreements and obligated to protect your data.
• Business transfers: if we merge with, are acquired by, or sell assets to another company, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
• Legal requirements: if required to do so by law, court order, or to protect the rights, property, or safety of Domain Prospector, our users, or the public.

We do not sell or rent your personal information to third parties for their own marketing purposes.

We use the following categories of cookies:

• Strictly necessary: session cookies that keep you logged in and maintain your preferences. These cannot be disabled without breaking the Service.
• Analytics: anonymous usage statistics to understand how the Service is used. You may opt out of analytics cookies via your browser settings or a cookie consent banner where required by law.

Most browsers allow you to refuse or delete cookies. Doing so may affect the functionality of the Service.

We retain personal data for as long as:

• Your account is active, or as needed to provide the Service.
• Required to comply with legal obligations (e.g., financial records for 5 years under South African tax law).
• Needed to resolve disputes or enforce agreements.

When you delete your account, we will delete or anonymise your personal data within 90 days, except where retention is required by law.

We implement industry-standard security measures including TLS encryption in transit, bcrypt password hashing, and access controls. Our database is hosted on Neon (serverless PostgreSQL) with encryption at rest. Payment data is handled exclusively by Stripe and never stored on our servers.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we will notify you of any material breach as required by applicable law.

Domain Prospector is based in South Africa. Our infrastructure providers (including Neon, Stripe, and Apify) may process data in the United States or other countries. Where such transfers occur from the EEA, we rely on Standard Contractual Clauses or other appropriate safeguards as required by GDPR. By using the Service, you acknowledge that your data may be transferred internationally.

Depending on your location, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your personal data ("right to be forgotten"), subject to legal retention obligations.
• Restrict or object to certain processing activities.
• Data portability — receive your data in a structured, machine-readable format.
• Withdraw consent at any time where processing is based on consent.
• Lodge a complaint with your local data protection authority (e.g., the Information Regulator in South Africa, the ICO in the UK, or your EU supervisory authority).
• CCPA/CPRA (California residents): the right to know, delete, correct, and opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, email privacy@domainprospector.net. We will respond within 30 days. We may need to verify your identity before processing your request.

The Service is not directed at children under 13. We do not knowingly collect personal data from children. If we learn that we have inadvertently collected data from a child under 13, we will delete it promptly. If you believe we have collected such data, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a prominent notice in the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

For privacy-related queries, rights requests, or complaints, contact our privacy team: