1. Who We Are
Domainion provides a domain portfolio management service. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service at domainion.app.
For questions about this policy or to exercise your rights, contact us at support@domainion.co.
2. What Data We Collect and Why
Account data
When you create an account we collect your email address and a hashed version of your password. We use this to authenticate you and to send transactional emails (account confirmation, billing receipts, important service notices). Your password is never stored in plain text.
Workspace and domain data
We store the workspace name, plan tier, and membership roles you set up, along with the domain names, expiry dates, renewal status, and registrar associations you add or sync. This data is the core of the service — we store it to provide you with a domain portfolio view.
Registrar credentials
API keys, secrets, and other credentials you provide to connect your registrar accounts are encrypted at rest using AES-256 encryption (Rails Active Record Encryption). They are used only to fetch domain data on your behalf via the registrar’s API and are never logged, shared with third parties, or used for any other purpose. When you remove a registrar connection, the credentials are deleted.
Billing data
Payments are processed by Stripe. Domainion stores your subscription plan and status. Full payment details (card numbers, billing addresses) are held by Stripe and governed by Stripe’s Privacy Policy. We receive only non-sensitive billing metadata (subscription status, last four digits of card) from Stripe.
Usage analytics
With your consent, Domainion collects first-party product analytics using Ahoy, a self-hosted analytics tool. No data is sent to third-party analytics services. IP addresses are masked to the first two octets before storage (e.g. 192.168.x.x). You can withdraw analytics consent at any time via the Cookie Preferences page.
Error monitoring
Unhandled application errors are reported to Sentry, a third-party error monitoring service. Error reports include your user ID, workspace ID, the request path, and a stack trace. They do not include registrar credentials, passwords, confirmation tokens, or API keys. Error monitoring is active in our staging and production environments only.
Transactional email
Transactional emails (account confirmation, billing receipts) are sent via Mailgun, an EU-based email delivery service. Mailgun processes only the recipient address and message content necessary to deliver the email.
Session and cookie data
We use cookies and local storage to keep you signed in and to support analytics. See the Cookies section below for details.
3. How We Use Your Data
We use the data described above to:
- Provide, maintain, and improve the Domainion service
- Authenticate you and keep your account secure
- Process billing and manage subscriptions via Stripe
- Send transactional emails (confirmations, receipts, important notices)
- Monitor for errors and application failures (Sentry)
- Understand how the product is used, with your consent (Ahoy analytics)
We do not sell your data. We do not use your data for advertising or share it with any third party except the processors listed in this policy.
4. Registrar Credentials — Special Handling
Because registrar API credentials are sensitive, we treat them with additional care:
- Stored using AES-256 encryption at rest in our database
- Accessed only to perform domain syncs you initiate
- Never included in application logs, error reports, or analytics events
- Deleted immediately and permanently when you remove a registrar connection or delete your account
5. Data Processors and Subprocessors
| Processor | Purpose | Location |
|---|---|---|
| Stripe | Payment processing and subscription management | US / global |
| Mailgun | Transactional email delivery | EU |
| Sentry | Error monitoring and exception reporting | US |
| Hetzner | Cloud infrastructure and hosting | EU (Germany) |
6. International Data Transfers
Our primary infrastructure runs on Hetzner servers in the EU (Germany). Where we use processors based outside the EU/UK (Stripe, Sentry), data is transferred under Standard Contractual Clauses or equivalent safeguards as required by applicable data protection law.
7. Data Retention
- Account and domain data: retained while your account is active. On account deletion, your data is removed within 30 days except where we are required by law to retain it.
- Billing records: retained as required for financial and tax compliance (typically 7 years).
- Sentry error events: retained according to Sentry’s default retention period (90 days on the free tier; configurable on paid Sentry plans).
- Analytics events: retained as long as your account is active.
8. Your Rights
Under UK GDPR and applicable data protection law, you have the following rights over your personal data. Some you can exercise directly in the app; others are handled by our support team.
You can do these yourself in the app
- Delete your account — go to Profile and select Delete Account. This permanently removes your account and all workspaces you solely own.
- Update your email or password — go to Profile.
- Withdraw analytics consent — go to Cookie Preferences at any time.
Contact us for these
- Access — request a copy of the personal data we hold about you
- Correction — request correction of data you cannot update yourself
- Restriction or objection — request that we limit or stop certain processing
- Portability — request your data in a structured, machine-readable format
Email support@domainion.co. We will respond within 30 days.
9. Cookies
Domainion uses cookies to operate and improve our service. You can manage your preferences on the Cookie Preferences page.
Strictly necessary cookies
These cookies are essential for the app to work. They include session cookies for authentication, CSRF protection, and your cookie preference choices. These cannot be disabled.
Analytics cookies
Domainion uses first-party product analytics via Ahoy to understand how visitors use the product. Analytics cookies are only loaded after you give consent. You can withdraw consent at any time via the Cookie Preferences page.
Diagnostics cookies
If browser-side diagnostics are added, Domainion may use cookies to associate error data with your session. This only happens when you have explicitly consented to diagnostics. Diagnostics cookies are not used for marketing or advertising.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes we will notify you by email or via an in-app notice before the changes take effect.
11. Contact
For privacy questions or to exercise your rights:
Email: support@domainion.co
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk if you believe we have not handled your data in accordance with applicable law.