Your data
Privacy Policy
Last updated · July 18, 2026
This page is maintained by Domainry to answer common questions about how we handle personal data on the Domainry marketplace. It is app-owner editable content, not an independent certification.
1. What we collect
- Account data: email address, display name, hashed password (via our auth provider), optional avatar and profile slug.
- Listing data: domains you list, prices, descriptions, categories, and media you upload.
- Transactional data: order and lease records, payout preferences, invoice metadata. Card details are handled by Stripe and never touch our servers.
- Usage data: pages viewed, listings favourited, search terms, click events on drops, and coarse device/viewport information for analytics and abuse-prevention.
- Support & messages: content of messages, offers, and support tickets you send through the platform.
2. How we use it
- Operate the marketplace (accounts, listings, bidding, checkout, rentals, promotions).
- Prevent fraud, spam, and abuse — including rate limiting, Turnstile challenges, and audit logging.
- Provide analytics dashboards to sellers about their own listings.
- Send transactional email (receipts, bid updates, watch alerts) and, if you opt in, marketing email.
- Improve product quality and diagnose errors via structured logs and correlation IDs.
3. Legal bases (GDPR/UK GDPR)
- Contract — to provide the marketplace you signed up for.
- Legitimate interests — fraud prevention, security, product analytics, and communicating about your account.
- Consent — non-essential cookies and marketing email; you can withdraw at any time.
- Legal obligation — tax, accounting, and lawful requests.
4. Sharing
We share the minimum data necessary with the processors that keep the platform running:
- Stripe — payments, payouts, tax IDs.
- Supabase — database, storage, and authentication.
- Humbleworth — domain valuations (domain name only).
- Semrush — SEO reports you purchase (domain name only).
- RDAP registries — availability lookups (domain name only).
- Cloudflare Turnstile — bot protection.
We do not sell personal data. We may disclose data to comply with law or a valid legal request.
5. Retention
Account data is kept while your account is open and for up to 24 months after closure for fraud prevention and accounting. Transaction records are kept for the minimum period required by tax and accounting law (typically 6–7 years). Structured logs are retained for up to 90 days.
6. Your rights
Depending on where you live you may have rights to access, correct, delete, port, or restrict processing of your personal data, and to object to certain processing. Contact us at privacy@domainry.app. You may also lodge a complaint with your local data protection authority (in the UK, the ICO).
7. International transfers
Our processors may store or process data outside your region. Where applicable, transfers are protected by Standard Contractual Clauses and additional safeguards.
8. Security
We use industry-standard controls including TLS in transit, row-level security in the database, hashed passwords, rate limiting, admin CSRF protection, and signed CI artefacts (SBOMs). No system is perfectly secure — please use a strong, unique password and enable multi-factor authentication where offered.
9. Children
Domainry is not directed to children under 16. Do not use the platform if you are under the minimum age.
10. Changes
We will post material changes here and, where required, notify you by email. Continued use after the effective date constitutes acceptance.
11. Contact
Data controller: Domainry. Email privacy@domainry.app.