Privacy Policy

itriskcheck.com (“we,” “us,” or “our”) operates the CertWatch service at https://watch.itriskcheck.com. This Privacy Policy explains what information we collect, how we use it, and your choices regarding that information.

1. Information We Collect

Account information. When you subscribe we collect your email address. No password is stored; authentication is handled via time-limited magic links.

Monitored hostnames. You provide the domain names and hostnames you want us to check. These are stored in our database and used exclusively to perform the monitoring service.

Payment information. Billing is handled entirely by Stripe, Inc. We receive a Stripe customer ID and subscription status from Stripe but we never see or store your full card number, CVV, or bank details.

Usage and technical data. Our hosting infrastructure (Railway) may log standard HTTP access data including IP addresses and user-agent strings for security and diagnostic purposes. We do not use third-party analytics or tracking pixels.

2. How We Use Your Information

• To perform daily SSL, WHOIS, and DNS checks on your registered hostnames.
• To send alert and notification emails when a threshold is reached or an anomaly is detected.
• To send transactional emails (magic-link sign-in, welcome, billing notifications).
• To process and manage your subscription through Stripe.
• To maintain the security and integrity of the Service.
• To comply with applicable legal obligations.

We do not sell your data to third parties. We do not use your data for advertising.

3. Third-Party Services

We share limited data with the following third parties in order to operate the Service:

• Stripe, Inc. — payment processing. Your email address is shared with Stripe to create a billing profile. Stripe’s use of your data is governed by Stripe’s Privacy Policy.
• Twilio SendGrid — transactional email delivery. Your email address and the content of alert notifications are transmitted to SendGrid for delivery. SendGrid’s use of your data is governed by SendGrid’s Privacy Policy.
• Railway — cloud hosting and database infrastructure located in the United States. Railway’s use of infrastructure data is governed by Railway’s Privacy Policy.

Public DNS resolvers and WHOIS servers are queried as part of the monitoring checks. Only hostname strings are transmitted; no personal information is included in those queries.

4. Data Retention

While your subscription is active, your account, hostname, and check-result data is retained in our database. If your subscription is cancelled or lapses, your data is retained for 30 days to allow you to reactivate, after which it is permanently deleted. You may request earlier deletion by contacting us at support@itriskcheck.com.

5. Security

All data is transmitted over HTTPS. Database access is restricted to our application services over private networking. Session tokens are stored as HttpOnly, Secure, SameSite=Lax cookies. We apply reasonable technical safeguards, but no transmission or storage method is 100% secure.

6. Children’s Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

7. Your Rights and Choices

You may request access to, correction of, or deletion of your personal data at any time by emailing support@itriskcheck.com. We will respond within 30 days. For European or California residents with additional statutory rights, please include your jurisdiction in your request and we will make reasonable efforts to accommodate those rights.

8. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email at least 14 days before the updated policy takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

9. Contact

For questions or requests related to this Privacy Policy, contact us at: