Legal

Privacy Policy

Last updated: May 25, 2026

This Privacy Policy describes how Reedster LLC ("we", "us", "our") collects, uses, and protects your information when you use the Xpiry service ("Service").

1. Information We Collect

Account Information

When you create an account, we collect your email address and hashed password. We do not store plaintext passwords.

Domain Data

When you add domains for monitoring, we collect and store: domain names, SSL certificate details (issuer, expiry dates, chain information), domain registration data (registrar, expiry dates), DNS verification records, and check history logs.

Usage Data

We collect standard web server logs including IP addresses, browser user agents, and session information for security and service operation purposes.

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers or full payment details on our servers. See Stripe's Privacy Policy for details.

2. How We Use Your Information

We use the information we collect solely to operate and improve the Service. Specifically, we use your data to:

  • Provide the monitoring service — checking SSL certificates and domain registrations on your behalf
  • Send alert notifications — delivering email, Slack, or webhook alerts based on your configured preferences
  • Process payments — managing subscriptions and billing through Stripe
  • Communicate important notices — service updates, security alerts, and policy changes
  • Improve the Service — diagnosing bugs, analyzing aggregate usage patterns, and enhancing features
  • Maintain security — detecting and preventing fraud, abuse, and unauthorized access

We do not use your data for advertising, profiling, or any purpose unrelated to delivering and improving the Service.

3. Data Sharing — We Will Never Sell Your Data

We will never sell, rent, lease, or trade your personal data or domain information to any third party. We will never provide access to your data to advertisers, data brokers, or any other commercial entity.

We share data only with the following service providers, strictly as needed to operate the Service:

  • Stripe — payment processing only; they receive your billing details to process transactions
  • Resend — transactional email delivery only; they receive your email address to deliver alerts and account notifications
  • Railway — infrastructure hosting; your data resides on their servers as part of running the Service
  • Cloudflare — bot protection (Turnstile CAPTCHA); they may receive your IP address during verification

These providers are contractually bound to use your data only for the purpose of providing their services to us.

We may disclose information if required by law, court order, or government request, or to protect the rights, property, or safety of Reedster LLC, our users, or the public.

4. Data Retention

Account data is retained while your account is active. Check history is retained according to your plan (7 days for Free, 90 days for Pro, 1 year for Agency). Upon account deletion, all data is permanently removed within 30 days.

5. Security

We use industry-standard security measures including encrypted connections (TLS), hashed passwords (bcrypt), and secure session management. Database access is restricted and encrypted at rest.

6. Cookies

We use a single session cookie to maintain your login state. This cookie is strictly necessary for the Service to function and is set only when you sign in. It is:

  • HTTP-only — not accessible to JavaScript, preventing XSS attacks
  • Secure — transmitted only over HTTPS in production
  • SameSite: Lax — restricted to same-site requests for CSRF protection
  • Expires after 30 days — automatically removed after the session period

We do not use third-party tracking cookies, advertising pixels, analytics trackers, or any other non-essential cookies. We do not participate in any advertising networks.

7. Your Rights

You have the right to:

  • Access the data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and all associated data
  • Export your domain and check data

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email.

9. Contact

Questions about this Privacy Policy? Contact us at [email protected].