Privacy Policy

Last Updated: January 19, 2026

At Zonemon, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our domain monitoring service.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

1. Information We Collect

1.1 Information You Provide to Us

We collect information you provide directly to us, such as:

• Account Information: Organization name, billing email, and account settings
• User Information: Email address, name, password, and role within your organization
• Domain Information: Domain names you add for monitoring and their configuration
• Payment Information: Billing details processed securely through Stripe (we do not store card numbers)
• Team Information: Email addresses of users you invite to your account
• Communications: Information in emails, support requests, or feedback you send us

1.2 Information Collected Automatically

When you use our Service, we automatically collect:

• Log Data: IP address, browser type, operating system, referring URLs, and pages viewed
• Device Information: Device type, unique device identifiers, and mobile network information
• Usage Data: Features used, actions taken, and time spent on the Service
• Cookies: We use cookies and similar tracking technologies to maintain sessions and remember preferences

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service
• Process transactions and send related information
• Send you technical notices, updates, and support messages
• Respond to your comments, questions, and requests
• Monitor and analyze trends, usage, and activities
• Detect, investigate, and prevent fraudulent or illegal activities
• Personalize and improve your experience
• Send marketing communications (with your consent)

3. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information in the following situations:

3.1 Service Providers: We share information with third-party vendors who perform services for us, such as:

• Payment Processing (Stripe): We share billing information to process payments. Stripe handles all credit card data directly and we never store card numbers on our servers
• Cloud Infrastructure (Google Cloud Platform): Our application and data are hosted on GCP with appropriate security measures
• Authentication (Firebase/Google): User authentication and session management
• Email Services: To send transactional emails and notifications
• Analytics Providers: To understand usage patterns and improve our service

3.2 Within Your Organization: Information is shared within your account based on user roles:

• Owners: Full access to all account data and settings
• Admins: Access to most features except billing and account deletion
• Members: Access to domain monitoring and basic features
• Viewers: Read-only access to domain information

3.3 Legal Requirements: We may disclose information if required to do so by law or in response to valid requests by public authorities.

3.4 Business Transfers: If we are involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you of any such change.

3.5 Aggregated Data: We may share aggregated, non-identifying information publicly or with partners for business or research purposes.

3.6 Consent: We may share information with your consent or at your direction.

4. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this policy. Retention periods include:

• Active Accounts: All data retained while your subscription is active
• Free Tier Accounts: Domain scan data retained for 30 days
• Cancelled Accounts: Data retained for 90 days after cancellation for potential reactivation
• Deleted Accounts: All data permanently deleted within 30 days of deletion request
• Payment Records: Retained as required for tax and accounting purposes (typically 7 years)
• Backup Data: Automated backups retained for 30 days for disaster recovery
• Invitation Data: Pending invitations expire and are deleted after 7 days
• Marketing Communications: Until you unsubscribe

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication requirements
• Employee training on data protection
• Incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

6. Your Rights and Choices

6.1 Access and Update

You can access and update your account information through your dashboard settings.

6.2 Data Portability

You can request a copy of your data in a structured, machine-readable format.

6.3 Deletion

You can request deletion of your account and associated data, subject to legal retention requirements.

6.4 Marketing Communications

You can opt-out of marketing emails by clicking the unsubscribe link or contacting us.

6.5 Cookies

Most browsers allow you to refuse cookies. However, this may limit Service functionality.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in accordance with applicable laws.

8. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will promptly delete it.

9. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA), including:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information
• Right to equal service and price

We do not sell personal information.

10. European Privacy Rights

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with supervisory authorities

11. User Invitations and Team Management

When you invite users to your account:

• We collect the email addresses of invitees
• We send invitation emails on your behalf
• Invitees can accept or decline invitations
• Invitation links expire after 7 days for security
• Account owners can revoke pending invitations
• New users joining via invitation are subject to this Privacy Policy

12. Third-Party Services

Our Service integrates with and may contain links to third-party services:

• Stripe: For payment processing. View Stripe's privacy policy at stripe.com/privacy
• Google/Firebase: For authentication. View Google's privacy policy at policies.google.com/privacy
• External Websites: We are not responsible for the privacy practices of external sites we link to

We encourage you to read the privacy policies of any third-party services you interact with through our Service.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Email: privacy@zonemon.io
Address: [Your Business Address]
Data Protection Officer: dpo@zonemon.io

15. Cookie Policy

We use the following types of cookies: