Legal

Privacy Policy

Last updated: 19 April 2026

1. Overview

SupportExpiry ("we", "us") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights. We collect only what is necessary to provide the Service.

2. Data We Collect

Account Data

  • Name and email address (required for registration)
  • Google Account ID (if you sign in with Google)
  • Company name (optional, for workspace profile)
  • Hashed password (never stored in plain text)

Asset Data

  • Infrastructure asset details you enter (vendor, model, software version, lifecycle dates)
  • SSL domain names and certificate expiry dates (from your assets)

Communication Preferences

  • Email address for alert delivery
  • Telegram Chat ID (if you connect Telegram alerts, Pro plan only)

Usage Data

  • API key usage logs (endpoint, timestamp, response code) for rate limiting and billing
  • No browser tracking, cookies, or analytics beyond what Cloudflare logs for DDoS protection

3. How We Use Your Data

  • To provide and operate the Service (lifecycle tracking, alerting)
  • To send email and Telegram alerts about expiring assets
  • To enforce plan limits and rate limiting
  • To send transactional emails (password reset, account notifications)
  • We do not sell your data to third parties
  • We do not use your data for advertising

4. Data Storage and Security

All data is stored in Cloudflare D1 (SQLite on the Cloudflare edge). Data is encrypted at rest and in transit. API keys are stored as SHA-256 hashes — we cannot recover the original key. Passwords are hashed using bcrypt. We use session tokens with expiry, not persistent cookies.

5. Third-Party Services

  • Cloudflare: Infrastructure, edge network, DDoS protection, D1 database, Email Routing
  • Resend: Transactional email delivery (alert emails, notifications)
  • Google Sign-In: Optional OAuth authentication (only if you choose "Sign in with Google")
  • Telegram Bot API: Alert delivery (only if you connect Telegram)
  • endoflife.date: Public EOL/EOS data source (no personal data shared)

6. SSL Domain Probing

When you add an SSL domain, we periodically probe it via a third-party SSL API to retrieve the certificate expiry date. Only the domain name is sent — no credentials or personal data. Probing can be disabled by removing the domain from your asset.

7. Data Retention

Your data is retained for as long as your account is active. When you delete your workspace via Settings, all account data, assets, sessions, and API keys are permanently and immediately deleted from our database. We do not keep backups of deleted accounts.

8. Your Rights

  • Access: You can view all your data via the Dashboard at any time
  • Export: Pro users can export all asset data as CSV
  • Correction: Update your profile and asset data at any time
  • Deletion: Delete your workspace from Settings → Danger Zone at any time
  • Portability: Export your data before deleting your account

9. Children's Privacy

The Service is intended for professional use and is not directed at children under 13. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify active users of material changes via email. The "Last updated" date above indicates when the most recent changes were made.

11. Contact

For privacy-related questions or data requests, contact us at privacy@supportexpiry.com.

Terms of Service →Back to home