Last Updated: July 16, 2026
At Zonemon, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our domain monitoring service.
Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.
1. Information We Collect
1.1 Information You Provide to Us
We collect information you provide directly to us, such as:
- Account Information: Organization name, billing email, and account settings
- User Information: Email address, name, password, role within your organization, and mobile phone number (collected as part of account validation; also used for SMS notifications if you enable them)
- Domain Information: Domain names you add for monitoring and their configuration
- Payment Information: Billing details processed securely through Stripe (we do not store card numbers)
- Team Information: Email addresses of users you invite to your account
- Communications: Information in emails, support requests, or feedback you send us
1.2 Information Collected Automatically
When you use our Service, we automatically collect:
- Log Data: IP address, browser type, operating system, referring URLs, and pages viewed
- Device Information: Device type, unique device identifiers, and mobile network information
- Usage Data: Features used, actions taken, and time spent on the Service
- Cookies: We use cookies and similar tracking technologies to maintain sessions and remember preferences
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our Service
- Process transactions and send related information
- Send you technical notices, updates, and support messages
- Respond to your comments, questions, and requests
- Monitor and analyze trends, usage, and activities
- Detect, investigate, and prevent fraudulent or illegal activities
- Personalize and improve your experience
- Send marketing communications (with your consent)
3. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information. We may share your information in the following situations:
3.1 Service Providers: We share information with third-party vendors who perform services for us, such as:
- Payment Processing (Stripe): We share billing information to process payments. Stripe handles all credit card data directly and we never store card numbers on our servers
- Cloud Infrastructure (Google Cloud Platform): Our application and data are hosted on GCP with appropriate security measures
- Authentication (Firebase/Google): User authentication and session management
- Email Services: To send transactional emails and notifications
- Analytics Providers: To understand usage patterns and improve our service
3.2 Within Your Organization: Information is shared within your account based on user roles:
- Owners: Full access to all account data and settings
- Admins: Access to most features except billing and account deletion
- Members: Access to domain monitoring and basic features
- Viewers: Read-only access to domain information
3.3 Legal Requirements: We may disclose information if required to do so by law or in response to valid requests by public authorities.
3.4 Business Transfers: If we are involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you of any such change.
3.5 Aggregated Data: We may share aggregated, non-identifying information publicly or with partners for business or research purposes.
3.6 Consent: We may share information with your consent or at your direction.
3.7 Mobile Information and Text Messaging (SMS): We collect your mobile phone number as part of account validation, and may use it to send you SMS/text messages such as verification codes and alert notifications. Your mobile information will not be sold or shared with third parties or affiliates for promotional or marketing purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. Message and data rates may apply, and message frequency varies. You can reply HELP for help, and you can opt out of SMS notifications at any time by replying STOP to any message.
4. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this policy. Retention periods include:
- Active Accounts: All data retained while your subscription is active
- Trial Accounts: Domain scan data retained for 90 days (rolling)
- Cancelled Accounts: Data retained for 90 days after cancellation for potential reactivation
- Deleted Accounts: All data permanently deleted within 30 days of deletion request
- Payment Records: Retained as required for tax and accounting purposes (typically 7 years)
- Backup Data: Automated backups retained for 30 days for disaster recovery
- Invitation Data: Pending invitations expire and are deleted after 7 days
- Marketing Communications: Until you unsubscribe
5. Data Security
We implement appropriate technical and organizational measures to protect your information, including:
- Encryption of data in transit and at rest
- Regular security assessments and updates
- Access controls and authentication requirements
- Employee training on data protection
- Incident response procedures
However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
6. Your Rights and Choices
6.1 Access and Update
You can access and update your account information through your dashboard settings.
6.2 Data Portability
You can request a copy of your data in a structured, machine-readable format.
6.3 Deletion
You can request deletion of your account and associated data, subject to legal retention requirements.
6.4 Marketing Communications
You can opt-out of marketing emails by clicking the unsubscribe link or contacting us.
6.5 Cookies
Most browsers allow you to refuse cookies. However, this may limit Service functionality.
6.6 How to Exercise Your Rights
To make a data subject access, deletion, portability, or correction request, email support@zonemon.io from the email address associated with your account. Please include:
- The type of request (access, deletion, portability, correction, or opt-out)
- The account email and, if applicable, organization name
- Any specific records or domains the request relates to
Response timelines:
- GDPR (EEA/UK): we acknowledge requests within 72 hours and complete them within 30 days, with a possible 60-day extension for complex requests where we will notify you of the reason.
- CCPA (California): we acknowledge requests within 10 business days and complete them within 45 days, with a possible 45-day extension upon written notice.
- Other jurisdictions: we apply the more protective of the GDPR and CCPA timelines unless local law requires faster response.
We may need to verify your identity before completing certain requests; for sensitive requests we will only act after confirming control of the account email. There is no charge for reasonable requests.
7. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in accordance with applicable laws.
8. Children's Privacy
Our Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will promptly delete it.
9. California Privacy Rights
California residents have additional rights under the California Consumer Privacy Act (CCPA), including:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt-out of the sale of personal information
- Right to equal service and price
We do not sell personal information.
10. European Privacy Rights
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to lodge a complaint with supervisory authorities
11. User Invitations and Team Management
When you invite users to your account:
- We collect the email addresses of invitees
- We send invitation emails on your behalf
- Invitees can accept or decline invitations
- Invitation links expire after 7 days for security
- Account owners can revoke pending invitations
- New users joining via invitation are subject to this Privacy Policy
12. Third-Party Services
Our Service integrates with and may contain links to third-party services:
- Stripe: For payment processing. View Stripe's privacy policy at stripe.com/privacy
- Google/Firebase: For authentication. View Google's privacy policy at policies.google.com/privacy
- External Websites: We are not responsible for the privacy practices of external sites we link to
We encourage you to read the privacy policies of any third-party services you interact with through our Service.
13. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.
14. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
Email: support@zonemon.io
15. Cookie Policy
We use the following types of cookies:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, security, and session management | Session |
| Functional | User preferences (theme, language), account settings | 1 year |
| Analytics | Usage statistics, feature adoption, and performance monitoring | 2 years |
| Payment | Stripe payment processing and fraud prevention | As per Stripe's policy |