Legal

Privacy Policy

Last updated June 11, 2026

This Privacy Policy explains how Trovaru ("Trovaru", "we", "us") collects, uses, and protects your information when you use our domain and SSL operations platform at trovaru.com (the "Service"). By using the Service you agree to the practices described here.

1. Information we collect

We collect only what we need to run the Service:

  • Account information — your first and last name, email address, and (for Google sign-in) your Google account identifier. We never receive or store your Google password.
  • Workspace data — the domains, SSL certificates, DNS records, owners, categories, and notes you add to your workspaces.
  • Registrar credentials — API keys and tokens you connect for Cloudflare, GoDaddy, Namecheap, Porkbun, Route 53, and other registrars. These are stored encrypted and used only to sync the data you ask us to monitor.
  • Billing information — handled by our payment processor, Paddle. We store your plan, subscription status, and billing name, but never your full card number.
  • Usage and technical data — log data such as IP address, browser type, pages viewed, and timestamps, used for security and to improve the Service.
  • Cookies — strictly necessary cookies for authentication and session management. We do not use third-party advertising cookies.

2. How we use your information

  • To provide domain expiry, SSL, and DNS monitoring and to send the alerts you configure.
  • To sync your portfolio from connected registrars.
  • To authenticate you, including via Google sign-in and passwordless magic links.
  • To process subscriptions and send transactional billing email.
  • To secure the Service, detect abuse, and meet legal obligations.

We do not sell your personal information, and we do not use your workspace data to train third-party models.

3. How we share information

We share data only with service providers that help us operate, each bound to protect it:

  • Google — OAuth sign-in.
  • Paddle — subscription billing and payment processing.
  • Brevo — delivery of transactional and notification email.
  • Registrar APIs — Cloudflare, GoDaddy, Namecheap, Porkbun, Route 53, and others you connect, contacted only to read the records you choose to monitor.
  • Infrastructure providers — cloud hosting used to run the Service.

We may also disclose information if required by law or to protect the rights, safety, and security of Trovaru and its users.

4. Data retention

We keep your data for as long as your account is active. DNS change history is retained for up to 30 days. When you delete your account we remove your personal data and workspace contents within 30 days, except where we must retain records to meet legal or accounting obligations.

5. Security

Registrar credentials are encrypted at rest. We use TLS in transit, scoped access controls, and regular security audits (Brakeman, dependency and importmap scans). No system is perfectly secure, but we work hard to protect your data and will notify you of any breach affecting it as required by law.

6. Your rights

You can access, correct, export, or delete your personal data from your account settings, or by contacting us. Depending on your location you may have additional rights under the GDPR or similar laws, including the right to object to or restrict certain processing.

7. International transfers

Trovaru operates from Nepal and uses providers that may process data in other countries. Where required, we rely on appropriate safeguards for international transfers.

8. Children

The Service is not directed to anyone under 16, and we do not knowingly collect their data.

9. Changes to this policy

We may update this policy from time to time. Material changes will be announced on this page with a new "last updated" date, and where appropriate by email.

10. Contact

Questions about this policy or your data? Email privacy@trovaru.com.