Privacy policy

Effective date: 18 June 2026

This privacy policy explains how DomainDash Platforms Ltd (company number 17115864) collects, uses, stores, and protects your personal data when you use the DomainDash website uptime monitoring service. DomainDash Platforms Ltd is the data controller responsible for your personal data.

Our registered address is 167-169 Great Portland Street, London, W1W 5PF, England.

This policy is written in plain English so you can understand exactly what happens with your data. If you have any questions, you can contact us at inbox@domaindash.io.

1. Who we are

DomainDash Platforms Ltd is a company incorporated in England and Wales with company number 17115864, with its registered office at 167-169 Great Portland Street, London, W1W 5PF, England.

We operate DomainDash, a website uptime monitoring service. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller.

If you need to contact us about your personal data or this policy, please email us at inbox@domaindash.io.

2. Personal data we collect

We collect the following categories of personal data when you use DomainDash:

your name;
your email address;
your timezone;
the website domain names you add for monitoring;
billing details, where you subscribe to a paid plan — your billing name, billing email, and billing address (stored on the invoices we issue);
your mobile phone number, if you choose to enable SMS alerts (we send a one-time code to verify it; the code is short-lived and stored in a non-recoverable form);
the email addresses of people you invite to your team, and, where you connect Slack, the channel and account details needed to deliver alerts there;
the email address of any visitor who subscribes to one of your public status pages (collected only when they opt in, and used solely to tell them once when the related incident is resolved);
technical metadata generated as you use the service (your IP address and browser user-agent) recorded in our security audit log and session records; and
payment data, which is collected and processed by our payment processor, Stripe. We do not store your full credit card or debit card details, only the card brand and last four digits, as returned to us by Stripe.

Some monitoring results (in particular WHOIS domain-registration records) may incidentally contain personal data about a domain's registrant where that information is published in public registries. We process this only as part of delivering the domain checks you have asked us to run.

3. How and why we use your data

We process your personal data on the following lawful bases under the UK GDPR:

Contract performance (Article 6(1)(b))

We process your name, email address, timezone, website domain names, billing details, phone number (where you enable SMS alerts), team-member invitation emails, and Slack connection details because this is necessary to perform our contract with you and to provide the DomainDash service. This includes:

creating and managing your account and team;
running the checks (uptime, SSL, DNS, and domain expiry) on the website domains you add to the service;
sending you service-related notifications (such as incident alerts) by email, and, where you have set them up, by SMS or to your connected Slack workspace;
generating the dashboard, site, and status-page Insights that summarise your monitoring data (see section 4); and
processing your payments through Stripe.

Without this data, we cannot provide the service to you.

If you choose to subscribe to our marketing emails, we will process your email address to send you marketing communications through Brevo, our email marketing provider. You must opt in to receive these emails, and you can withdraw your consent at any time by:

clicking the unsubscribe link in any marketing email; or
emailing us at inbox@domaindash.io.

This processing also complies with the Privacy and Electronic Communications Regulations 2003 (PECR), Regulation 22, which requires your prior consent before we send you electronic marketing communications.

We also rely on consent where a visitor subscribes to one of your public status pages. They provide their email address through the status page's opt-in subscribe form, and we use it for the single purpose of telling them once when the related incident is resolved. They can withdraw consent at any time, and we delete the address automatically 30 days after the resolution notice is sent.

Legitimate interest (Article 6(1)(f))

We keep a security audit log of significant actions taken in your account, and short-lived session records, which include your IP address and browser user-agent. Our legitimate interest is to keep accounts secure, investigate suspected misuse, and prevent fraud. We have assessed that this processing does not override your rights and freedoms because the data is limited to what security and forensics require, is not used to build any profile of you, and is retained no longer than needed for that purpose.

We use Plausible, a privacy-focused analytics tool, to understand how visitors use our website so we can improve the service. Plausible does not use cookies and does not track individual visitors. During the course of generating aggregated statistics, Plausible may transiently process minimal personal data such as IP addresses and user-agent strings; however, this data is immediately aggregated and discarded and is never stored in a form that identifies individual visitors. Our legitimate interest in using Plausible is to improve and develop DomainDash. We have assessed that this processing does not override your rights and freedoms because Plausible operates on a privacy-by-design basis, processes only minimal personal data, and retains no data that could be used to identify you.

We also use Bugsnag, an error tracking service, to detect and fix faults in the DomainDash application. Our legitimate interest is keeping the service reliable and secure. Error reports are technical by design: before any report leaves our systems, we automatically remove personal data (email addresses, monitored domain names, phone numbers, and security tokens), and we never include application source code in reports. We have assessed that this processing does not override your rights and freedoms because the reports are minimised at source and are used solely for diagnosing faults.

What we never do

We never sell or rent your personal data, and we never use it for advertising or ad-targeting. We do not use your data to train artificial intelligence or machine-learning models. The only place your data meets an AI model is the Insights feature described in section 4, which uses AWS Bedrock to generate summaries and does not use your inputs or its outputs to train its models.

4. Third-party processors

We share your personal data with the following third-party service providers. These providers fall into three categories: data processors, who process data on our behalf and under our instructions; independent data controllers, who process data for their own purposes under their own privacy policies; and privacy-focused analytics providers, who process minimal personal data with immediate aggregation.

Amazon Web Services (AWS)

We use AWS to host and operate the DomainDash infrastructure, including compute, object storage, caching, and our content delivery network. The core of your account data, website domain names, and monitoring data is stored on AWS servers located in Ireland. We also use two AWS services to deliver notifications: Amazon SES sends our transactional and alert emails (recipient email address and message content), and Amazon SNS sends SMS alerts to the phone number you have verified (phone number and message content). AWS acts as a data processor on our behalf in each case.

Tiger Data (Timescale Cloud)

Our primary database runs on Tiger Data's Timescale Cloud, which stores the bulk of our persistent data: account, team, billing, monitoring configuration, check history, and integration details. Sensitive fields such as phone numbers and two-factor authentication secrets are encrypted at rest. The database is hosted in Ireland (eu-west-1), within the EEA. Timescale Cloud is operated by Timescale, Inc., a US company, whose support staff may access the database from outside the EEA where necessary to support the service; this access is covered by the safeguards described in section 7. Tiger Data acts as a data processor on our behalf.

AWS Bedrock (Insights)

We use AWS Bedrock to generate the plain-English "Insights" that summarise your monitoring data on your dashboard, site pages, and status pages. To write these summaries, Bedrock receives only the monitored domains, the display names you have chosen, and aggregated check and incident data — never your name, contact details, integration credentials, or login secrets. Inference runs within the EEA on a cross-region basis. Your data is not used to train Bedrock's underlying models, and the generated summaries are held only in a short-lived cache. AWS acts as a data processor on our behalf.

Stripe

We use Stripe to process payments. When you make a payment, Stripe collects and processes your payment card details directly. We do not receive or store your full card details. Stripe acts as an independent data controller for the payment data it collects under its own privacy policy. Stripe processes data in the UK, the EU, and the United States; see section 7 for the safeguards that apply.

Slack

If you connect a Slack workspace to receive alerts, we share the relevant site domain, incident type and severity, and links back to DomainDash with Slack so that your alerts can be delivered to the channels you have chosen. We only share this once you have connected Slack, and only what is needed to post the alert. Slack processes this data on servers in the United States; see section 7 for the safeguards that apply. Slack acts as a data processor on our behalf.

Brevo

If you opt in to receive marketing emails, we share your email address with Brevo, our email marketing provider. Brevo processes your email address solely to deliver our marketing communications on our behalf, on servers located within the European Economic Area.

Plausible

We use Plausible for privacy-focused website analytics. Plausible operates on a privacy-by-design basis and does not use cookies. During the generation of aggregated usage statistics, Plausible may transiently process minimal personal data such as IP addresses and user-agent strings, but this data is immediately aggregated and discarded. Plausible does not store any data that identifies individual visitors and does not track users across websites.

Chatwoot

We use Chatwoot to run our customer support chat and to manage support conversations. If you contact us for support, Chatwoot processes whatever information you choose to share in that conversation, on our behalf and under our instructions. Our Chatwoot account is hosted in the European Union. Chatwoot acts as a data processor on our behalf.

Bugsnag

We use Bugsnag, an error tracking service operated by SmartBear Software Inc., to detect and diagnose faults in the DomainDash application. When something goes wrong, a technical report (the type of error, where in our code it happened, and related technical context) is sent to Bugsnag. We automatically remove personal data (email addresses, monitored domain names, phone numbers, and security tokens) from these reports before they are sent, and we do not include application source code in them. Bugsnag processes these reports on servers located in the United States and acts as a data processor on our behalf. See section 7 for the safeguards that apply to this transfer.

5. Cookies

DomainDash uses session cookies solely for login and authentication purposes. These are strictly necessary cookies required for the service to function, and they do not require your consent under the Privacy and Electronic Communications Regulations 2003 (PECR).

We do not use any third-party tracking cookies. Plausible, our analytics provider, is entirely cookie-free.

6. Data retention

We retain your account and configuration data (your name, email address, timezone, website domain names, billing details, and integration settings) for as long as your DomainDash account remains active.

Check history (your uptime, SSL, DNS, and domain results, and resolved incidents) is kept on a rolling basis according to your plan: the longer your plan's retention window, the further back your history goes. Older results are deleted automatically once they pass that window. Some categories are short-lived by design. For example, status-page subscriber emails are deleted 30 days after the resolution notice is sent, phone-number verification codes expire within minutes, and read in-app notifications are cleared after 30 days.

When you delete your account or team, we begin deleting your personal data and monitoring data straight away, and complete the process within 30 days, a window that allows the deletion to flow through to our encrypted backups as they rotate. Two limited exceptions apply: (a) our security audit log keeps a record of the deletion itself for up to a further 30 days before that too is pruned; and (b) Stripe retains its own copy of your billing records under its own data-processing terms, as it is legally required to do for payment records. We do not otherwise retain your personal data after your account has been deleted.

7. International data transfers

Primary data storage

Your personal data is stored and processed primarily on servers located in Ireland, within the European Economic Area (EEA). The United Kingdom recognises the EEA as providing an adequate level of protection for personal data under the UK's data protection adequacy regulations, so no additional transfer safeguards are required for this storage.

Database support access

Our primary database is hosted in Ireland (within the EEA) but is operated by Timescale, Inc., a US company. Its support staff may, where necessary, access the database from the United States to maintain and support the service. This access is protected by appropriate safeguards under Article 46 of the UK GDPR: our data-processing agreement with Timescale, Inc. incorporates the EU Standard Contractual Clauses, together with the UK International Data Transfer Addendum.

Monitoring probes

To provide the checking service, DomainDash runs probes from up to two locations, which may include a location outside the United Kingdom and the EEA. These probes process the domains you have asked us to check and the results of those checks; they do not receive your account, contact, or billing details. Some results (such as WHOIS domain-registration records) can incidentally contain personal data published in public registries. Where this happens, the transfer is necessary for us to perform our contract with you and to deliver the checks you have requested (Article 49(1)(b) of the UK GDPR).

Connected Slack workspaces

If you connect Slack to receive alerts, the alert content described in section 4 is delivered to Slack on servers in the United States. This transfer is protected by appropriate safeguards under Article 46 of the UK GDPR, by way of the Standard Contractual Clauses incorporated into Slack's data-processing terms, and it only takes place once you have chosen to connect Slack.

Error tracking

Bugsnag, our error tracking provider, processes error reports on servers located in the United States, outside the UK and the EEA. This transfer is protected by appropriate safeguards under Article 46 of the UK GDPR: our data processing agreement with SmartBear Software Inc. incorporates the EU Standard Contractual Clauses together with the UK International Data Transfer Addendum. In addition, we minimise what is transferred in the first place — personal data (email addresses, monitored domain names, phone numbers, and security tokens) is automatically removed from every report before it leaves our systems, and application source code is never included.

8. Data security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures are regularly reviewed and updated to reflect current best practices and the nature of the data we process.

While we take all reasonable steps to protect your personal data, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining a high standard of protection.

9. Your rights

Under the UK GDPR, you have the following rights in relation to your personal data:

Right of access (Article 15) — you have the right to request a copy of the personal data we hold about you;
Right to rectification (Article 16) — you have the right to ask us to correct any personal data that is inaccurate or to complete any data that is incomplete;
Right to erasure (Article 17) — you have the right to ask us to delete your personal data. You can do this at any time by deleting your account, which will permanently remove all of your data;
Right to restriction of processing (Article 18) — you have the right to ask us to restrict the processing of your personal data in certain circumstances;
Right to data portability (Article 20) — you have the right to receive your personal data in a structured, commonly used, and machine-readable format; and
Right to object (Article 21) — you have the right to object to the processing of your personal data where we are relying on legitimate interest as the lawful basis.

To exercise any of these rights, please email us at inbox@domaindash.io. We will respond to your request within one month. If a request is especially complex, data protection law allows us up to two further months, but we will always tell you within the first month if that applies, and why.

How to make a complaint to us

If you are ever unhappy with the way we have handled your personal data, you can make a complaint, and we want to hear it. The quickest way to put something right is usually to tell us first. Email us at inbox@domaindash.io, or use the chat widget on our website, and tell us what has happened and what you would like us to put right. You do not need any special form or wording, and anyone whose personal data we hold can complain — you do not need to own a team or even have an account.

Once we have heard from you, we will:

acknowledge your complaint within 30 days of receiving it;
look into it properly, making appropriate enquiries and keeping our response proportionate to what has happened;
keep you posted on progress, and tell you if anything is taking longer than expected; and
tell you the outcome — what we found and what we have done about it.

There is no fixed final deadline, but we respond without undue delay and move as quickly as the complaint allows.

Right to complain to the ICO

If you are unhappy with how we have handled your personal data, or with our response to a complaint, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.

You can contact the ICO at:

Online: ico.org.uk/make-a-complaint

Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113

We would, however, appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first at inbox@domaindash.io.

10. Children's data

DomainDash is a business-to-business service directed at adult and professional users. The service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a person under 18, we will take steps to delete that data promptly.

11. Automated decision-making

We do not carry out any automated decision-making or profiling that produces legal effects or similarly significant effects on you.

12. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. If we make material changes to this policy, we will notify you by email or by posting a prominent notice on the DomainDash website before the changes take effect.

We encourage you to review this policy periodically. The effective date at the top of this policy indicates when it was last updated.

13. Contact us

If you have any questions about this privacy policy or how we handle your personal data, please contact us:

DomainDash Platforms Ltd

Email: inbox@domaindash.io

Registered address: 167-169 Great Portland Street, London, W1W 5PF, England

Company number: 17115864

Privacy policy ​

1. Who we are ​

2. Personal data we collect ​

3. How and why we use your data ​

Contract performance (Article 6(1)(b)) ​

Consent (Article 6(1)(a)) ​

Legitimate interest (Article 6(1)(f)) ​

What we never do ​

4. Third-party processors ​

Amazon Web Services (AWS) ​

Tiger Data (Timescale Cloud) ​

AWS Bedrock (Insights) ​

Stripe ​

Slack ​

Brevo ​

Plausible ​

Chatwoot ​

Bugsnag ​

5. Cookies ​

6. Data retention ​

7. International data transfers ​

Primary data storage ​

Database support access ​

Monitoring probes ​

Connected Slack workspaces ​

Error tracking ​

8. Data security ​

9. Your rights ​

How to make a complaint to us ​

Right to complain to the ICO ​

10. Children's data ​

11. Automated decision-making ​

12. Changes to this policy ​

13. Contact us ​