What we collect
- A cookie-based session id (random UUID) so we can save your watchlist and alerts before you sign in.
- Your email address when you create an account, free or paid (for login, notifications, and account recovery).
- Your alert rules, watchlists, support tickets, and portfolio/caught-claim records.
- Product analytics — see the Analytics section below for the full list.
What we don't do
- We don’t sell your data. Ever.
- We don’t build advertising profiles.
- We don’t share your watchlist or alerts with anyone.
- We don’t use Google Analytics, Meta Pixel, or any other third-party tracker.
Analytics
We use self-hosted Matomo to understand how visitors use the site (pages viewed, click patterns, referring sources). Matomo runs on our own server — no data is sent to Google, Meta, or any third-party analytics provider.
For each visit, Matomo records: the pages you view, the time of visit, your approximate country, your browser and device type, your screen resolution, and the referring URL. Your approximate country is derived from your IP address. Before storage, the IP is masked to /24 (the last octet is removed — e.g. 203.0.113.0) so we cannot identify individual devices from analytics records.
Consent: visitors in the EU, EEA, and UK see a banner and Matomo does not load until you click Accept. Visitors elsewhere are tracked by default unless your browser sends Do-Not-Track or Global Privacy Control, both of which we honor. Decline always wins, and clicking Decline after a previous Accept also clears the Matomo cookies on this device.
We also keep a small first-party event log (user_events) for product telemetry — page-view counts, feature usage, and conversion funnels. This relies on legitimate interest (GDPR Art. 6(1)(f)) and is retained for 90 days, then permanently deleted. You can object to this processing through the privacy support form below.
Third parties
- Stripe — billing and payment processing. Sees your email, billing address (if supplied), and payment method.
- Resend — transactional and digest email delivery. Sees your email and the contents of messages we send you.
- Cloudflare — CDN, DNS, Turnstile anti-bot, and abuse protection. Sees IPs and request metadata as a pass-through.
- Telegram (optional) — if you link a Telegram chat for alerts, we send those alerts via the Bot API. Telegram sees the alert content.
- Sentry — error monitoring. Receives stack traces and masked request context when something breaks. No PII bodies.
- Matomo — analytics software we self-host. Matomo.org does not receive your NameNotifier analytics data.
- ICANN CZDS, Wayback Machine, and keyword/enrichment APIs — domain data sources. They do not receive personal account, watchlist, alert, or payment data from us.
Data retention
- Account data (email, alert rules, watchlist) — until you delete your account.
- Alert delivery history (what we sent you, when) — 90 days.
- Domain-status observation log — 180 days.
- Admin audit log — 365 days.
- Product analytics (Matomo) — 24 months, IP-masked.
- Support tickets — until resolved + 90 days for follow-up reference.
Permanent corpus (zone-file diffs, DQS scoring outputs) is retained indefinitely as business records. Domain-status observations are about domains, not people; if a row is tied to a user action such as a watchlist, alert, support ticket, or caught claim, it follows the relevant account retention path above.
Rights
You can request deletion of your account and associated personal data at any time through the privacy support form. Depending on where you live, you may have rights to access, export, correct, delete, restrict, or object to processing of your personal data.
Security
We use reasonable technical and organisational measures to protect personal data, including HTTPS, access controls, limited production access, secret management, and operational logging. No online service is completely secure, so we cannot guarantee absolute security.
Children
NameNotifier is not intended for children or anyone under 18. We do not knowingly collect personal data from children.
International processing
Your data may be processed in countries other than where you live, depending on our infrastructure and service providers.
Cookies
- nn_session (or __Host-nn_session in production) - session identifier, httpOnly, 30 day TTL. Required for login and the watchlist to work.
- nn_visit - random pseudonymous visit correlation id, httpOnly, 30 day TTL. Ties first-party analytics events to a session without directly identifying you.
- nn_cookie_consent - your Accept/Decline choice, stored in localStorage on this device. Used to gate Matomo without re-prompting on every visit.
- _pk_id.* / _pk_ses.* - Matomo first-party analytics cookies. 13 months / 30 min TTL respectively. Set only after consent (EU/EEA/UK) or unless your browser sends Do-Not-Track or Global Privacy Control.
All cookies are first-party (namenotifier.com origin). We do not use third-party tracking cookies.