Privacy policy

• Your account email, and an optional display name — used to sign you in and to send the rare account email (verification, magic-link, password reset, account-change notice).
• A session cookie scoped to .domynx.app, proving you're signed in across the apex site, the API, and the admin console.
• A salted device fingerprint — a one-way hash of a device-issued identifier on Android, or a random token in browser storage on web. Used to keep your guest session sticky and to enforce one account per device on sign-up. We never see the raw device identifier.
• Tool query history — the domains you look up, generate, or watch, logged server-side so we can rate-limit, defend against abuse, and answer your "what did I run yesterday?" questions. Not shared outside your account.
• A push-notification handle on Android, if you grant the notification permission, so we can send watcher alerts.
• Aggregate, anonymous tool counters — how often a given tool is used overall. No association with any account.

• Run the service: authenticate you, return tool results, store your watchers + portfolio.
• Defend the service: rate-limit per account + per device, ban abusive sessions.
• Deliver email and Android push notifications you opted into.
• Show banner and interstitial ads to the free tier.
• Diagnose crashes on Android so we can fix them in the next release.

We don't sell your data, and we don't combine your account data with advertising telemetry to build a profile of you.

Domynx leans on a small set of industry-standard service providers to keep the lights on. We describe each by its role, not its brand, so this page doesn't need to be reissued every time we change supplier. Each provider acts as a processor under our instructions:

• Advertising partners — serve the banner and interstitial ads on the free tier. They receive your IP address, an operating-system-issued advertising identifier (resettable in your device settings), basic device and browser metadata, and standard ad-impression telemetry.
• An email delivery provider — sends sign-in, verification, and account-change emails. Sees the recipient address and the message body.
• A push notification service — relays Android watcher alerts to your device. Sees your push registration token and the alert payload.
• A crash diagnostics service — receives stack traces, your current screen route, operating-system + device model, and a redacted breadcrumb trail when the Android app crashes. No request bodies. No auth tokens.
• A managed database provider — stores your account data at rest, in the European Union, behind HTTPS.
• A network edge provider — terminates HTTPS and absorbs DDoS attempts in front of every request to *.domynx.app. Sees request metadata.
• The operating-system platform that hosts the Domynx app (Android, the web browser, the app store you installed from). These platforms see what they ordinarily see about any installed app.

For all of the above, Domynx is the data controller and the named role is a data processor. We do not sell your data.

The free tier is ad-supported. Your operating system supplies our advertising partners with a resettable identifier — reset or limit it any time from your device settings (on Android, Settings → Privacy → Ads). We don't link that identifier to your account record, and an ad-blocker is fine; we show a one-line reminder asking for an allowlist but never lock the UI.

A one-time in-app purchase to remove ads is coming. Until it lands, the AD-SUPPORTED card on Profile reflects the current state.

• No first-party analytics, no first-party tracking pixels, no marketing-page trackers.
• No social-graph data, no contacts, no location.
• No payment information yet. When the ad-removal purchase ships, it'll be billed by the app store layer — card details never reach our servers.

Application data sits in a managed Postgres instance in the European Union. Every byte transits HTTPS with secure-cookie defaults. Server-side request logs rotate on a standard schedule. Crash reports are retained no longer than 90 days.

• View — your account email, watchers, portfolio, and history are all visible inside the app on Profile and the relevant tabs.
• Correct — change your display name, email, or password from Profile.
• Export — email us; we'll send a JSON dump of everything tied to your account within 7 days.
• Delete — see the dedicated Account deletion page, which covers both the in-app path and the email path for users who've already uninstalled.

Email [email protected] for any privacy question or to exercise any of the rights above. We reply.

If we materially change what we collect or who processes it, we'll show a notice at sign-in. Continuing to use Domynx after that counts as acceptance. Minor wording fixes are made silently — the Last updated date at the top always reflects the latest revision.