GetTheDomain

1. Who We Are

GetTheDomain (getthedomain.app) is a bulk domain availability checker that helps you find available domain names for your business. We are the data controller for the personal data described in this policy. If you have any questions about how we handle your data, you can reach us at privacy@getthedomain.app.

2. What Data We Collect

The following table describes all personal data we collect, the legal basis for processing it, and how long we retain it.

3. How We Use Your Data

We process your personal data for the following purposes:

• Provide the service -- check domain availability across multiple TLDs based on the business names you submit and display the results.
• Track usage to improve the app -- understand which features are used, how searches are performed, and where users encounter issues so we can make GetTheDomain better.
• Prevent abuse -- enforce rate limits to protect our infrastructure and ensure fair access for all users.
• Save your searches -- store search results for authenticated users so you can return to them later.
• Remember your preferences -- persist your chosen theme (light or dark mode) across sessions.

4. Legal Bases for Processing

Under the GDPR, we rely on the following legal bases:

• Consent -- We collect analytics data, search logs, and session identifiers only when you give us consent via the cookie banner. You can withdraw your consent at any time by clicking "Cookie Settings" in the page footer. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
• Contract -- When you create an account or sign in, we process your email address, password hash, and saved searches as necessary to provide the account features you requested.
• Legitimate interest -- We use rate-limiting cookies to protect our service from abuse and store your theme preference for a better user experience. These involve minimal data and do not override your fundamental rights.
• Legal obligation -- We store your consent choice to demonstrate compliance with GDPR requirements.

5. Cookies

We use strictly necessary cookies for essential functionality such as rate limiting, theme preference, and recording your consent choice. These cookies do not require your consent.

We also use optional analytics cookies to track usage patterns and improve the service. These are only set after you give consent via the cookie banner.

For a full list of cookies we use, their purposes, and their lifetimes, see our Cookie Policy.

6. Who We Share Data With

We share data with the following third-party service providers, solely to operate and deliver the service:

• Supabase -- Database and authentication. Your account data, search logs, and analytics events are stored in Supabase-hosted PostgreSQL databases located in the European Union.
• Netlify -- Hosting and content delivery. Netlify processes your HTTP requests to serve the application via its global CDN.
• Google -- OAuth authentication only. If you choose to sign in with Google, your email address is shared with Google to complete the authentication flow. Google is based in the United States.

We do not sell your data. We do not share your data with advertisers or any other third parties.

7. International Data Transfers

Your database and account data is stored by Supabase in the European Union. When you sign in with Google OAuth, data is transferred to Google servers in the United States. This transfer is covered by Standard Contractual Clauses (SCCs) approved by the European Commission. Netlify's CDN processes HTTP requests globally to serve the application from the nearest edge location.

8. How Long We Keep Your Data

• Account data (email, password hash) -- retained until you delete your account.
• Search logs and analytics -- retained for 12 months, then automatically deleted.
• Saved searches -- retained for 30 days, then automatically deleted.
• Cookies -- see the retention periods in the data table above, or visit our Cookie Policy for full details.

9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access -- request a copy of your data (download from Settings).
• Right to rectification -- correct inaccurate personal data we hold about you.
• Right to erasure -- delete your data by deleting your account from Settings.
• Right to restrict processing -- ask us to limit how we use your data.
• Right to data portability -- download your data in a machine-readable format (JSON) from Settings.
• Right to object -- object to our processing of your data where we rely on legitimate interest.
• Right to withdraw consent -- withdraw your analytics consent at any time by clicking "Cookie Settings" in the page footer.

To exercise any of these rights, contact us at privacy@getthedomain.app. We will respond within 30 days.

10. Right to Complain

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority:

• UK -- Information Commissioner's Office (ICO) at ico.org.uk.
• EU -- your local Data Protection Authority. A list is available on the European Data Protection Board website.

11. Children

This service is not intended for anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal data, please contact us at privacy@getthedomain.app and we will delete it promptly.

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, contact us at privacy@getthedomain.app.