At mycentral.domains ("we," "our," or "us"), a service operated by Central Domains LLC, a Wyoming Limited Liability Company, your privacy is a top priority. This Privacy Policy explains how we collect, use, store, and share your information when you use our website, web platform, and My Central Domains iOS application (collectively, the "Services").
1. Summary of Data We Collect
The table below summarises the categories of personal data we collect, in line with the Apple App Store privacy nutrition label taxonomy. Each row links to the detailed section that follows.
| Category | Examples | Purpose | Linked to you? | Used for tracking? |
|---|---|---|---|---|
| Contact Info | Name (optional), email address | Account management, app functionality | Yes | No |
| Identifiers | User ID / account ID | App functionality, fraud prevention | Yes | No |
| User Content | Domain portfolio, encrypted registrar API credentials, DNS records, support messages | App functionality | Yes | No |
| Usage Data | Pages viewed, features used, interaction patterns | Analytics, app functionality | Web only* | No |
| Diagnostics | Crash logs, performance metrics | App functionality, product improvement | No | No |
* The iOS app does not include an analytics SDK and does not link usage data to your identity. Aggregate, anonymised app usage may be reported to Apple via MetricKit only if you opt in under iOS Settings → Privacy & Security → Analytics & Improvements; that data is anonymised by iOS before delivery and is never received by us in identifiable form.
We do not use your data for tracking purposes as defined by Apple's App Tracking Transparency (ATT) framework. We do not share your data with data brokers, do not engage in cross-app or cross-site advertising, and do not use the iOS Advertising Identifier (IDFA).
2. Information We Collect
2.1 Information You Provide
- Account Information — email address (required) and optionally a display name when you register or update your profile.
- Third-Party Sign-In (Apple, Google, Facebook) — when you choose to sign in with Apple, Google, or Facebook, you authenticate via that provider's OAuth or OpenID Connect flow. We receive only the information that provider hands back to us — typically your verified email (or Apple's private relay address if you chose to hide your email), display name, and profile picture URL where available. We never receive your password, your contacts, or any data beyond what is necessary to authenticate. You may revoke this connection at any time from your provider's account settings (Apple ID → Sign in with Apple, Google → Security → Third-party access, Facebook → Apps and Websites).
- Payment Information — billing address and payment method details are entered directly into Stripe's secure payment form. We never receive or store your full card number, CVV, or expiry date. We retain only the Stripe customer ID, the last 4 digits of your card (for receipts), and your subscription status.
- Registrar API Credentials — API keys, API secrets, and access tokens for third-party domain registrars (GoDaddy, Namecheap, Cloudflare, Porkbun, Squarespace, and other supported registrars) that you voluntarily provide to connect your accounts. These credentials are encrypted at rest using AES-256-GCM encryption and are decrypted only on our servers at the time of a sync request. We do not share your registrar credentials with any third party other than the registrar they belong to.
- Domain Data — domain names, DNS records, expiry dates, and WHOIS information imported from connected registrars.
- Web3 Wallet Data — public wallet addresses and ENS / Unstoppable Domains data when you connect a wallet via Sign-In With Ethereum (SIWE).
- Customer Support Communications — messages, attachments, and any data you provide when contacting [email protected]. These are retained as customer support records.
2.2 Information Collected Automatically
- Usage Data (Product Interaction) — on the web, pages and screens viewed, features used, taps, clicks, and timestamps are collected via Vercel Analytics. The iOS app does not include any analytics SDK or session-recording library; we do not collect linked in-app usage data from iOS. Apple may collect anonymous app-usage metrics on its own via MetricKit only when you have enabled "Share With App Developers" in iOS Settings — that data is anonymised by iOS and never linked to your account.
- Device & Network Data — IP address, browser type, operating system, device model, and OS version. Used for security, fraud prevention, and basic performance optimisation.
- Diagnostics — crash logs, error reports, and performance data (launch time, hang rate, energy use). On iOS this includes data shared via Apple's built-in diagnostics reporting only when you opt in via iOS Settings → Privacy & Security → Analytics & Improvements. Diagnostic data is not linked to your account identity.
- Cookies & Similar Technologies — see Section 6 below.
2.3 Information We Do NOT Collect
We do not access, request, or collect any of the following from your device or account: precise or coarse location, contacts, photos, videos, microphone or camera input, health or fitness data, financial information beyond what is described above, browsing history outside our Services, search history outside our Services, sensitive personal information (race, religion, sexual orientation, etc.), or biometric data.
3. How We Use Your Information
- Provide, maintain, and improve our platform and Services.
- Authenticate users and secure accounts.
- Process transactions and send related notifications from [email protected].
- Send billing-related communications from [email protected].
- Detect, prevent, and address fraud, abuse, and security issues.
- Generate AI-powered insights (domain valuation, renewal recommendations) using aggregated and anonymised data. We do not use customer registrar credentials, payment data, or personally identifiable information for training third-party AI models.
- Comply with legal obligations and enforce our Terms of Service.
4. How We Share Your Information
We do not sell your personal data and we do not use it for tracking as defined by Apple's App Tracking Transparency framework. We share data only with the following categories of recipients:
4.1 Service Providers (Sub-processors)
| Provider | Purpose | Data shared | Region |
|---|---|---|---|
| Supabase, Inc. | Authentication, database, file storage | Email, user ID, encrypted credentials, domain data, support messages | US / EU |
| Vercel, Inc. | Web hosting, edge network, analytics | IP address, browser data, page-view events | US / EU |
| Cloudflare, Inc. | DNS, CDN, DDoS protection | IP address, request metadata | Global edge |
| Stripe, Inc. | Payment processing, subscription billing | Email, billing address, card data (entered directly into Stripe) | US / EU |
| Resend (Resend Inc.) | Transactional and account email delivery | Email address, message content | US |
| Apple Inc. | iOS Sign in with Apple (when chosen), App Store / StoreKit subscription processing for iOS in-app purchases | Verified email / relay address, subscription state | US |
| Google LLC | Sign in with Google (when chosen) | Verified email, name, profile picture URL | US |
| Meta Platforms, Inc. | Sign in with Facebook (when chosen) | Verified email, name, profile picture URL | US |
| Connected registrars | Domain management API operations you initiate | Your API credentials and domain operation requests | Per registrar |
Each sub-processor is bound by a Data Processing Agreement (DPA) and may process your data only as necessary to provide the contracted service.
4.2 Other Recipients
- Legal Compliance — when required by law, subpoena, court order, or government request.
- Business Transfers — in connection with a merger, acquisition, or sale of assets, with advance notice to you and continued protection under terms equivalent to this Policy.
5. iOS Application — Apple-Specific Disclosures
Our iOS application My Central Domains collects the same categories of data described above. The following clarifications apply specifically to the iOS app:
- No tracking — we do not engage in tracking as defined by Apple's App Tracking Transparency (ATT) framework. The app does not request the IDFA, does not link your data with third-party data for advertising or advertising measurement, and does not share your data with a data broker.
- No advertising — the iOS app contains no advertising, third-party ad networks, or ad-related SDKs.
- Permissions we request — the iOS app requests only Face ID / Touch ID, and only when you confirm high-risk domain actions (renewal, transfer, DNS change). Biometric data never leaves your device — iOS performs the match locally via the Secure Enclave and only returns a success/failure signal to the app.
- Permissions we do not request — Location, Contacts, Photos, Camera, Microphone, Calendar, Reminders, Health, Motion & Fitness, Bluetooth, Local Network, and (currently) Notifications. The app does not access these APIs.
- On-device storage — authentication tokens (your Supabase access and refresh tokens) are stored in the iOS Keychain, encrypted and accessible only to this app. A read-only cache of your portfolio (domain names, expiry dates, AI-estimated values) is held in the app sandbox to keep the UI responsive offline. Both are wiped when you sign out, delete your account, or uninstall the app.
- In-app purchases — subscriptions purchased through the iOS app are processed by Apple's StoreKit. We never see your card number, billing address, or any other payment detail on iOS; Apple sends us only the anonymous subscription state. Stripe is used for web-based subscriptions only.
- Account deletion — you can permanently delete your account and all server-side data from inside the iOS app via Profile → Security → Delete Account. This calls a server function that removes your domains, profile, registrar connections, and the underlying authentication record. Deletion is immediate (you cannot sign back in with the same email afterwards). See Section 7 for retention exceptions.
- Diagnostics — crash and performance data is collected only via Apple's built-in framework when you have enabled "Share With App Developers" in iOS Settings. This data is anonymised by iOS before delivery and is not linked to your account identity.
- Children — the iOS app is rated 4+ (suitable for all ages) but is not directed at children under 13. We do not knowingly collect personal data from children — see Section 10.
6. Cookies & Tracking
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, security, session management | Session / 30 days |
| Analytics | Understand usage patterns (Vercel Analytics) | 1 year |
| Preferences | Theme settings, language preferences | 1 year |
You can manage cookie preferences in your browser settings. Disabling essential cookies may affect platform functionality. Cookies are not used in the iOS application.
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide Services. Upon account deletion, we will remove your data within 30 days, except where we are required to retain it for legal, accounting, tax, or compliance purposes (typically up to 7 years for billing records). Encrypted registrar credentials are deleted immediately upon disconnect or account deletion.
8. Data Security
We implement industry-standard security measures including TLS 1.3 encryption in transit, AES-256-GCM encryption at rest for sensitive credentials, role-based access control, audit logging, and regular security reviews. For details, see our Security page.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access, correct, or delete your personal data.
- Port your data to another service.
- Object to or restrict certain processing.
- Withdraw consent at any time (where consent is the legal basis).
- Lodge a complaint with a supervisory authority (for EEA, UK, and Swiss residents).
To exercise these rights, you can delete your account at any time from Profile → Security → Delete Account in the iOS app or from the web dashboard, or email [email protected]. We will respond within 30 days.
For GDPR-specific rights, see our GDPR Compliance page.
10. Children's Privacy
Our Services are not directed to children. We do not knowingly collect personal data from children under 13 years of age (or under 16 in the European Economic Area, the United Kingdom, and other jurisdictions where the GDPR digital-consent age applies). If you believe a child has provided us with personal data, please contact [email protected] and we will delete the data promptly.
11. International Data Transfers
Your data may be processed in the United States and the European Union. Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) or adequacy decisions to ensure adequate protection.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our platform at least 30 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.
13. Contact Us
Central Domains LLC
1309 Coffeen Avenue STE 19311
Sheridan, Wyoming 82801
United States
Registered Agent: Andrew Pierce
| Purpose | Contact |
|---|---|
| Privacy inquiries & data requests | [email protected] |
| General support | [email protected] |
| Report abuse | [email protected] |
