Privacy Policy

Last Updated: September 26, 2025

1. Introduction

Welcome to Unifydom. This Privacy Policy explains how Mon Agence Creative ("we," "us," or "our") collects, uses, shares, and protects information when you use our website and services (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. This policy applies to all visitors, users, and others who access the Service.

For the purpose of the General Data Protection Regulation (GDPR), the data controller is:

Mon Agence Creative
46 rue Louis Brechard
69620 Chamelet, France
SIREN: 979357324

2. Information We Collect and Why

We collect and process information in several ways to provide and improve our Service. The legal basis for our processing of personal data is typically to perform our contract with you (i.e., the Terms of Service).

A. Information You Provide Directly

• Account Information: When you create an account, we collect your email address to manage your account, send authentication links, and communicate important service updates. You may also voluntarily provide a user handle or other profile information.
• Domain and Configuration Data: You provide us with domain names for your portfolio and watchlist, as well as configurations for alerts. We use this information to provide the core functionality of the Service.
• Registrar API Credentials: To connect a domain registrar, you may provide API credentials. These are highly sensitive and are never stored on our servers. They are encrypted and stored directly in a secure, certified secret management service (Microsoft Azure Key Vault). We use them solely to fetch read-only data from your registrar on your behalf.
• Communications: If you contact us for support or feedback, we collect your name, email address, and the content of your message to respond to your inquiry and improve our Service.

B. Information We Collect Automatically (Service Data)

When you add a domain, our Service automatically queries public and third-party sources to gather data necessary for monitoring. This includes:

• Domain Data: Public WHOIS data (registrar, expiration dates), DNS records (A, MX, TXT, etc.), and SSL certificate details (issuer, validity).
• Website Monitoring Data: Website availability (uptime/downtime), server response times, and HTTP status codes.
• Website Screenshots: For active websites, we periodically capture and store screenshots to provide you with a visual history. These are stored securely in our object storage.

C. Information About Your Interaction with the Service

• Usage Data: We may collect technical information about how you access and use the Service, such as your IP address, browser type, and pages visited. This helps us secure the service, prevent abuse, and analyze performance to improve the user experience.
• Cookies and Local Storage: We use essential cookies solely to maintain your login session. We do not use them for advertising or cross-site tracking. We use your browser's local storage to save your UI preferences (e.g., light/dark theme) for a better user experience.

D. Payment Information

For paid subscriptions, we use the third-party payment processor Stripe. We do not collect, store, or have access to your full payment card details. Stripe handles all payment processing, and their use of your information is governed by their privacy policy. We only store data about your subscription plan, billing cycle, and payment status.

3. How We Share Your Information

We do not sell your personal information. We only share information with trusted third-party service providers (sub-processors) who help us operate the Service. We have agreements with these providers to ensure they protect your data.

• Payment Processing: Stripe, Inc. processes subscription payments.
• Secure Credential Storage: Microsoft Corporation (Azure Key Vault) securely stores encrypted registrar API keys.
• Infrastructure and Hosting: We use virtual private servers from our infrastructure provider, Hetzner Online GmbH, to host our application and data. Our servers are located within the European Union. Website screenshots are stored in a self-hosted object storage system (MinIO) running on this infrastructure.
• Email Delivery: Email service providers to send authentication links, alerts, and service notifications.
• Domain Data Lookups: Third-party APIs to fetch public WHOIS and DNS data.

We may also disclose your information if required by law, such as in response to a court order or other valid legal process, or to protect our rights, property, or safety, or that of our users or the public.

4. Your Data Protection Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have the following data protection rights:

• The right to access, update, or delete the information we have on you. You can manage most of your data directly within your account settings.
• The right of rectification to correct any information that is inaccurate or incomplete.
• The right to object to our processing of your personal data.
• The right of restriction to request that we limit the processing of your personal information.
• The right to data portability for the information you provide to us.
• The right to withdraw consent at any time where we relied on your consent to process your information.

To exercise these rights, please use your account settings or contact us. You also have the right to lodge a complaint with a Data Protection Authority (such as the CNIL in France) about our collection and use of your data.

5. Data Retention and Deletion

We retain your personal data only for as long as your account is active or as needed to provide you with the Service and comply with our legal obligations.

When you delete your account via your account settings, we initiate a permanent, GDPR-compliant deletion process. This irreversible action involves deleting all domains, alerts, and registrar connections, and anonymizing your personal account information (e.g., your email is replaced with a non-identifiable string).

6. Data Security

We take the security of your data very seriously and implement industry-standard measures to protect it. These include:

• Using secure, passwordless "magic link" authentication to eliminate password-related risks.
• Storing sensitive API keys in Microsoft Azure Key Vault, a dedicated and certified secure storage solution.
• Encrypting all data in transit using TLS/SSL.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.

7. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, or country where data protection laws may differ. As our hosting infrastructure is within the European Union, transfers outside the EEA are limited to the sub-processors listed in Section 3, and we ensure that adequate data protection safeguards are in place for any such transfers.

8. Children's Privacy

Our Service is not intended for anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from children. If you become aware that a child has provided us with Personal Data, please contact us.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page, updating the "Last Updated" date, and/or notifying you through the Service or by email.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at [email protected].