1. Information We Collect
We collect the following information when you use My-SSL Free:
- Account information: your name, email address, and hashed password.
- Domain information: domain names you register for SSL certificate issuance.
- Technical data: IP addresses (for rate limiting and audit logs), browser session data.
- Cloudflare credentials (optional): Zone ID and API token if you configure DNS-01 validation. These are stored encrypted at rest.
- Webhook configuration (optional): webhook URLs and signing secrets you provide.
2. How We Use Your Information
We use collected information to:
- Issue, renew, and manage SSL certificates on your behalf.
- Send transactional emails (verification, expiry reminders, password resets).
- Prevent abuse via rate limiting and audit logging.
- Improve the Service and diagnose technical issues.
We do not use your data for advertising. We do not sell your personal data to third parties.
3. Data Storage and Security
All sensitive data (private keys, CA tokens, ACME account keys) is encrypted at rest using AES-256 encryption. Passwords are hashed using bcrypt. Our storage directories are not publicly accessible.
We implement rate limiting, CSRF protection, and audit logging to protect your account.
4. Third-Party Services
The Service relies on:
- Let's Encrypt — the certificate authority that issues your SSL certificates. Your domain name is submitted to Let's Encrypt as part of the ACME protocol. Let's Encrypt's own Privacy Policy applies.
- Cloudflare (optional) — only if you configure DNS-01 validation. Your Cloudflare credentials are used solely to set DNS TXT records for domain verification.
5. Data Retention
We retain your account data for as long as your account is active. Audit logs are retained for 90 days. If you delete a domain or your account, associated private keys and certificate data are deleted from our servers.
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Request correction or deletion of your data.
- Object to or restrict processing of your data.
- Data portability.
To exercise these rights, contact us at the address below.
7. Cookies and Sessions
We use a single session cookie to keep you logged in. This cookie is essential for the Service to function and is not used for tracking. No third-party analytics or advertising cookies are set.
8. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email where possible. Continued use of the Service after changes constitutes acceptance.
9. Contact
For privacy-related enquiries or to exercise your rights, open a support ticket.