Privacy Policy

Last updated: 2026-06-14 · Version 2026-06-14

1. Introduction

DA.N (“we”, “our”, “us”) operates the domain monitoring platform at domainsavailable.now. This Privacy Policy explains what personal data we collect, why we collect it, the legal bases we rely on, who we share it with, how long we keep it, and the rights you have over it. We act as a data controller under Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”) and the Estonian Personal Data Protection Act.

This Policy applies to visitors of domainsavailable.now and to registered account holders. It does not apply to third-party websites, registrars, or services we link to, each of which has its own privacy policy.

2. Data Controller

The data controller responsible for your personal data is:

OptiRank OÜ
Sepapaja tn 6, Tallinn, 15551, Estonia
Registry code: 16691153 · VAT: EE102594362

For any privacy or data-protection matter — including to exercise the rights described in this Policy — contact us at [email protected]. We have not appointed a Data Protection Officer, as we are not required to under GDPR Art. 37; privacy requests are handled directly by the controller at the address above.

3. Categories of Personal Data We Collect

3.1 Account data

When you create an account we collect your name, email address, and a securely hashed password. If you sign in with Google, we receive your name and email address from Google instead of a password. We also store account settings, your selected plan, and consent records.

3.2 Billing data

For paid plans (Lite, Basic, Advanced) and the optional Page Monitor URL Pack add-on, payments are processed by Stripe. Stripe collects and processes your card or payment details directly; we never receive or store full card numbers. We retain a billing record (plan, amount, currency, VAT, invoice identifiers, billing country, and Stripe customer / subscription identifiers) needed to manage your subscription and meet accounting obligations.

3.3 Usage and content data

We store the data you create while using the platform: saved searches, favorites, lists, domains you monitor (Domain Monitoring and Domain Check), Page Monitor URLs and their results, static site projects and content, and the third-party accounts (Google Search Console, Google Analytics 4, Bing Webmaster, Cloudflare) and registrar API credentials you choose to connect. Credentials for connected services are stored encrypted at rest.

3.4 Technical and analytics data

Our servers automatically log technical data necessary to run and secure the Service: IP address, browser and device type, request timestamps, and pages or endpoints accessed. Separately, and only with your consent, we collect website-usage analytics via Google Tag Manager and Google Analytics 4 (see Section 7 and our Cookie Policy).

3.5 Support communications

If you contact us by email or through a support ticket, we keep your message and our correspondence so we can answer you and improve support.

We do not intentionally collect special categories of personal data (GDPR Art. 9), and we ask that you do not send them to us.

4. Legal Bases for Processing (GDPR Art. 6)

We rely on the following legal bases, depending on the purpose:

  • Performance of a contract (Art. 6(1)(b)) — to create and operate your account, deliver the features of your plan, process payments, and provide support.
  • Legitimate interests (Art. 6(1)(f)) — to keep the Service secure, prevent fraud and abuse, debug and maintain the platform, and understand aggregate usage. We balance these interests against your rights and do not use them where your interests override.
  • Consent (Art. 6(1)(a)) — for non-essential analytics cookies (Google Tag Manager / Google Analytics 4) and any optional marketing emails. You may withdraw consent at any time without affecting prior processing.
  • Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting, and other statutory requirements (for example retaining invoices under Estonian law).

5. Purposes — How We Use Your Data

  • Provide, operate, and maintain the domain monitoring service and the features of your plan
  • Authenticate you and protect your account and our infrastructure
  • Process payments, manage subscriptions, issue invoices, and prevent payment fraud
  • Respond to support requests and send service-related messages (account, security, billing, and transactional notices)
  • Understand aggregate usage and improve and develop features
  • Comply with legal, tax, and accounting obligations and enforce our Terms

6. Processors and Third Parties We Share Data With

We do not sell your personal data. We share it only with service providers (processors) acting on our instructions, and only as needed to run the Service:

  • Hosting / infrastructure provider — our EU-based virtual servers, where the application and database run.
  • Stripe — payment processing and subscription billing. Stripe Privacy Policy
  • Cloudflare — content delivery, DNS, and security in front of this website; and, separately, the Cloudflare account you may connect inside the dashboard for your own zones. Cloudflare Privacy Policy
  • Email delivery — our outbound email provider, used to send transactional messages (activation, magic-link sign-in, password reset, and billing notices).
  • Google (Tag Manager & Analytics 4) — website-usage analytics, loaded only after you click “Accept all” in our cookie banner. Google Privacy Policy
  • Google & Microsoft (optional integrations) — when you connect them, Google Search Console / Analytics 4 and Bing Webmaster process data for the properties you own. These are activated only at your request. Google · Microsoft

We also process domain content through automated AI analysis. Only domain data is processed there — no account or personal data is sent to AI providers. The raw factual domain data we work with is aggregated from multiple public and third-party sources; this is described in our Terms of Service and is independent of your personal data.

We may disclose personal data where required by law, court order, or a lawful request from a competent authority, or to establish, exercise, or defend legal claims.

7. International Transfers

Our primary processing and storage take place on servers within the European Union. Some processors (such as Stripe, Google, Microsoft, and Cloudflare) are global and may process data outside the European Economic Area. Where that happens, the transfer is protected by an appropriate safeguard under GDPR Chapter V — typically an adequacy decision of the European Commission or the European Commission's Standard Contractual Clauses. You may request more information about these safeguards using the contact details above.

8. Retention Periods

We keep personal data only as long as necessary for the purposes it was collected:

  • Account and content data — for as long as your account is active. After you delete your account, we erase or anonymise your personal data within 30 days.
  • Billing and invoice records — retained for 7 years as required by Estonian accounting law, even after account deletion.
  • Consent records — retained for the period needed to demonstrate compliance.
  • Technical logs — retained for a limited period for security and debugging, then deleted or aggregated.

9. Cookies and Analytics

We use strictly necessary cookies to run the Service (for example to keep you signed in) and, only with your consent, analytics cookies set through Google Tag Manager and Google Analytics 4. No analytics scripts load and no analytics data is sent until you click “Accept all” in the cookie banner. You can withdraw analytics consent at any time by clearing the dan_cookie_consent cookie in your browser, after which the banner reappears on your next visit. Full details are in our Cookie Policy.

10. Automated Decision-Making

We do not carry out automated decision-making that produces legal or similarly significant effects about you within the meaning of GDPR Art. 22. Our AI analysis is applied to domain content, not to evaluating individuals.

11. Your Rights Under GDPR

Subject to the conditions in the GDPR, you have the right to:

  • Access — obtain confirmation of whether we process your data and a copy of it (Art. 15)
  • Rectification — correct inaccurate or incomplete data (Art. 16)
  • Erasure — have your data deleted where the conditions are met (“right to be forgotten”, Art. 17)
  • Restriction — restrict processing in certain circumstances (Art. 18)
  • Data portability — receive your data in a structured, commonly used, machine-readable format (Art. 20)
  • Object — object to processing based on our legitimate interests, and to direct marketing at any time (Art. 21)
  • Withdraw consent — where processing is based on consent, withdraw it at any time, without affecting the lawfulness of prior processing (Art. 7(3))

12. How to Exercise Your Rights

To exercise any of these rights, email us at [email protected] from the address associated with your account, or from the dashboard where the relevant control is available (for example deleting your account). We will respond within one month, as required by GDPR; this period may be extended by up to two further months for complex requests, in which case we will tell you. We do not charge a fee unless a request is manifestly unfounded or excessive. We may need to verify your identity before acting.

13. Right to Lodge a Complaint

If you believe our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. Our lead authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, AKI) — www.aki.ee/en. You may also complain to the supervisory authority of your own country of residence. We would appreciate the chance to address your concern first, so please consider contacting us before doing so.

14. Affiliate Links

Some links on this website are affiliate or referral links. When you click these links and make a purchase or sign up for a service, we may earn a commission at no additional cost to you. This helps support the operation and development of the platform.

We have affiliate partnerships with select domain registrars and proxy / infrastructure services. The full set of registrars we integrate with is listed in the API Data Agreement; not every integration is also an affiliate, and partnerships may change without changing this policy. Affiliate relationships do not influence our domain data, ranking, or the information we present.

15. Security

We apply appropriate technical and organisational measures to protect personal data, including encrypted connections (HTTPS), hashed passwords, encryption at rest for sensitive API credentials, and access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If a personal-data breach is likely to result in a risk to your rights and freedoms, we will notify the supervisory authority and, where required, affected users in line with GDPR Art. 33–34.

16. Children's Privacy

The Service is not directed at children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us with personal data, contact us and we will delete it.

17. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the current version. For material changes, we will notify registered users by email or a prominent notice on the website. Continued use of the Service after the changes take effect constitutes acknowledgement of the updated Policy.

18. Contact

Questions about this Privacy Policy or how we handle your data? Contact us at [email protected].