Privacy Policy

Heurys, LLC ("Heurys," "we," "us," or "our") operates the heurys.com website and the Heurys domain security platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service.

1. Information We Collect

Personal Information You Provide

When you create an account, subscribe to a plan, or contact us, we may collect:

• Name and email address
• Company or organization name
• Billing information (processed securely by Stripe — we never store your full card number)
• Domain names you add to your account for monitoring
• Any information you provide when contacting support

Information Collected Automatically

When you access the Service, we automatically collect certain information, including:

• IP address and approximate geographic location
• Browser type, operating system, and device information
• Pages visited, time spent on pages, and navigation paths
• Referring URL and exit pages
• Date and time of access

Domain Scan Data

When you use Heurys to scan domains, we collect publicly available DNS records, SSL/TLS certificate information, email authentication configurations (SPF, DKIM, DMARC, MTA-STS), and other security-related data. This information is derived from public sources and is not considered personal data.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process transactions and send billing-related communications
• Send you security alerts, scan reports, and monitoring notifications
• Respond to your requests, comments, or questions
• Analyze usage patterns to improve user experience and product features
• Detect, prevent, and address technical issues or security threats
• Comply with legal obligations

3. Data Storage & Security

We take the security of your data seriously. Your information is stored on secure servers and we implement industry-standard security measures, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Regular backups with encrypted storage

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

4. Third-Party Services

We use trusted third-party services to operate the Service. These providers have access to your personal information only to perform specific tasks on our behalf and are obligated not to disclose or use it for other purposes.

Stripe (Payment Processing)

We use Stripe to process subscription payments. When you provide payment information, it is sent directly to Stripe's secure servers. We do not store your full credit card number, CVC, or expiration date. Stripe's privacy policy is available at stripe.com/privacy.

Resend (Transactional Email)

We use Resend to deliver transactional emails such as account verification, password resets, scan reports, and security alerts. Resend processes your email address to deliver these messages. Resend's privacy policy is available at resend.com/legal/privacy-policy.

5. Cookies

We use cookies and similar tracking technologies to enhance your experience on our Service. Cookies are small data files stored on your device that help us remember your preferences and understand how you use the Service.

We use the following types of cookies:

• Essential cookies: Required for the Service to function properly, including authentication and session management.
• Analytics cookies: Help us understand how visitors interact with the Service so we can improve it.
• Preference cookies: Remember your settings and preferences for a better experience.

For more details, please see our Cookie Policy.

6. Your Rights

Depending on your location, you may have certain rights regarding your personal information.

For European Users (GDPR)

If you are a resident of the European Economic Area (EEA), you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate personal data
• Request deletion of your personal data
• Object to processing of your personal data
• Request restriction of processing your personal data
• Request transfer of your personal data (data portability)
• Withdraw consent at any time where we rely on consent to process your data

For California Residents (CCPA)

If you are a California resident, you have the right to:

• Know what personal information is being collected about you
• Know whether your personal information is sold or disclosed and to whom
• Say no to the sale of personal information (we do not sell your data)
• Access your personal information
• Request deletion of your personal information
• Not be discriminated against for exercising your privacy rights

To exercise any of these rights, please contact us at hello@heurys.com. We will respond to your request within 30 days.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specifically:

• Account data: Retained for the duration of your account and up to 30 days after deletion request.
• Billing records: Retained for up to 7 years as required by applicable tax and financial regulations.
• Domain scan history: Retained for the duration of your subscription. Historical scan data may be deleted 90 days after your subscription ends.
• Server logs: Automatically deleted after 90 days.

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

8. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. If you are located outside the United States and choose to provide information to us, we transfer the data to the United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will send an email notification to the address associated with your account. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us: