ScanMyDomain

Privacy Policy

Last updated: 18 March 2026

1. Who we are

ScanMyDomain is operated by Kingsfield Ventures. If you have questions about this policy, contact us at support@kingsfieldventures.com.

2. Data we collect

  • Account information: Your email address and hashed password when you create an account.
  • Domain scan data: The domain names you scan and the results of those scans (DNS records, SSL certificate details, email authentication status).
  • Payment information: Processed securely by Stripe. We do not store your card details.
  • Usage data: Basic server logs (IP address, request timestamps) for security and rate limiting.

3. How we use your data

  • To provide domain scanning and monitoring services.
  • To send email alerts about your monitored domains (score changes, SSL expiry, critical findings).
  • To process subscription payments via Stripe.
  • To prevent abuse and enforce rate limits.

4. Third-party services

We share data with the following services, solely to operate ScanMyDomain:

  • Supabase — Database and authentication (your email, scan results).
  • Stripe — Payment processing (your email and payment details).
  • Resend — Transactional email delivery (your email address).
  • Upstash — Rate limiting and caching (IP addresses, scan results).
  • Vercel — Hosting and server infrastructure.

5. Cookies

We use only essential cookies required for authentication and session management. We do not use tracking cookies, analytics cookies, or advertising cookies.

6. Data retention

Your account data and scan history are retained for as long as your account is active. If you request account deletion, we will remove all your personal data within 30 days. Cached scan results expire automatically after 5 minutes.

7. Your rights

Under GDPR and applicable data protection laws, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and data.
  • Export your data in a portable format.
  • Withdraw consent for email alerts at any time.

To exercise any of these rights, email support@kingsfieldventures.com.

8. Data security

All data is encrypted in transit (TLS) and at rest. Authentication is handled by Supabase with industry-standard password hashing. Payment data is processed by Stripe, a PCI DSS Level 1 certified provider.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email to registered users. The date at the top of this page indicates the last revision.