Privacy Policy

Effective 20 April 2026

This policy explains what information Ignisfox (“we”, “us”) collects when you use our website and service at ignisfox.com, how we use it, who we share it with, and the choices you have. Plain-English version below; if you need a specific legal answer we missed, email support@ignisfox.com.

1. Who this applies to

This policy applies to everyone who visits ignisfox.com, uses any of our anonymous tools (SSL Check, PFX Converter, Chain Validator, Certificate Transparency Search), or signs up for an Ignisfox account.

2. Information we collect

When you use anonymous tools:

  • SSL Check: the hostname you enter is sent to our server so we can open a TLS handshake. We do not retain hostnames beyond the duration of the request.
  • PFX Converter: runs entirely in your browser. Key material and passwords never leave your device.
  • Chain Validator: the PEM bundle you paste is sent to our server for parsing only; not retained after the response.
  • CT Search: the domain you enter is forwarded to a public Certificate Transparency index (a third-party upstream). The domain itself is not retained on our side.

When you sign up or use the app:

  • Account identity: email address, first + last name, organization, and (optional) address. Managed through our authentication provider (Clerk).
  • Authentication records: sign-in IP addresses, user-agents, last sign-in times, and MFA status, held by Clerk for security auditing. We can view these when supporting your account.
  • Content you upload: certificates, private keys, PFX bundles, PFX passwords, monitored hostnames, push-target host/port/credential configurations, DNS API tokens, and feedback (including optional screenshots).
  • Billing data: when you start a paid plan, Stripe collects and stores your payment details. We never see your full card number. We record your Stripe customer ID, subscription state, tier, and plan timestamps.
  • Usage events (page views + actions): we record page navigations and signed-in-user actions (cert uploads, monitor adds, etc.) for admin analytics. For these events we never store your raw IP address — only a one-way HMAC-SHA256 hash of it, keyed by an internal secret, so unique-visitor counts work without the data being useful to anyone.
  • Public-tool usage: for the free anonymous tools (SSL Check, PFX Converter, Chain Validator, CT Search) we additionally retain your raw IP address for 30 days alongside the query (e.g. the hostname you checked, the domain you searched) for abuse detection and to understand usage patterns. After 30 days the raw IP is NULLed; the anonymised aggregate stays.
  • Audit log: every sensitive action (cert upload, cert delete, password reveal, push-target deploy, member invite, billing tier change, etc.) is appended to an immutable audit log keyed to your tenant.

3. How we use it

We use personal data to:

  • Provision and operate your Ignisfox account.
  • Encrypt, store, and return your certificate material when you ask for it.
  • Run TLS probes against hostnames you’ve added to your monitor; email you when a status transition happens (ok → expiring, ok → error, etc.).
  • Issue and renew ACME certificates on your behalf at the Certificate Authorities you authorise (Let’s Encrypt, ZeroSSL).
  • Authenticate and authorise actions against your tenant, including enforcing team roles and tier limits.
  • Send transactional emails: welcome, monitor alerts, expiry digests, team invites, auto-renew notifications, Clerk verification codes. No marketing emails without your explicit opt-in.
  • Detect abuse and keep the service working (rate limits, fraud monitoring, error telemetry).
  • Meet legal obligations (responding to regulators, tax records, abuse reports).

We do not sell your personal data to third parties. We do not use your certificate material or vault contents to train AI models.

4. AI features (what goes to the model)

Optional in-app AI features (“Explain this cert”, “Explain this host”, “Deploy recipe”) send a small amount of context about the selected item to a third-party model provider (OpenAI or Anthropic, depending on your admin’s configuration) and stream the response back to you.

We send only the metadata needed for the explanation (Common Name, SANs, issuer, validity, algorithm, target type, etc.). We do not send private keys, PFX passwords, or any secret material to the AI provider.

5. How we protect your data

At rest. Certificate payloads, private keys, PFX passwords, and DNS / CA credentials are encrypted with AES-256-GCM. Each tenant has its own data encryption key (DEK), which is itself wrapped by a master key encryption key (KEK) held only on our server infrastructure. The DEK is unwrapped in memory just long enough to decrypt the blob you’re requesting, then zeroed.

In transit. All traffic between you and Ignisfox is TLS 1.2+. We enable HSTS, rotate server-side certificates regularly, and never serve the app over plain HTTP in production.

Isolation. Tenant IDs are enforced on every read and write. Supabase Row-Level Security is enabled as defence-in-depth; all app access goes through the service-role path which we audit.

6. Sub-processors

We use the following third-party services to operate Ignisfox. Each is bound by a data-processing agreement to use your information only for the purpose we contracted them for.

  • Clerk — identity, sessions, MFA. Processes email, name, IP, and device metadata.
  • Supabase — database + file storage for encrypted cert material, audit log, and app data.
  • Vercel — application hosting and edge network; processes request IPs for routing and rate limits.
  • Stripe — billing. Processes card details directly; we never see your full card number.
  • Resend — transactional email delivery (welcome, alerts, digests, team invites).
  • Upstash — rate-limiting store (IP hashes + counters only; no personal data).
  • Sentry — error monitoring. Stack traces may incidentally include URL paths; we scrub obvious secrets before submission.
  • OpenAI / Anthropic — only when you use the optional AI features above.

A data processing addendum (DPA) tailored to your jurisdiction is available on request for paid plans.

7. Cookies + local storage

We use a small number of cookies / localStorage values:

  • Essential — Clerk session cookies (to keep you signed in) and our own CSRF protection. Required for the app to work; can’t be disabled.
  • Preferences — UI state (nav open/closed, timezone detection). Stored in localStorage on your device; never sent to our server.
  • Analytics — our own self-hosted analytics record page views. No third-party trackers. IPs are hashed (never stored raw). You can opt out via the cookie banner.

We do not use advertising cookies, cross-site tracking, or third-party analytics services.

8. Data retention

Account data is retained for as long as your account is active, and for up to 30 days after you delete your account (to allow recovery in case of mistaken deletion). After that window, encrypted tenant data is cryptographically unrecoverable — the tenant-level key is gone.

Audit log: retained indefinitely, even after account deletion, because it may reference actions across tenants (e.g. support interventions by an admin). Tenant references are NULLed when the tenant is deleted.

Usage events: retained for at least 90 days (the operator can configure a longer window). Only IP hashes are stored, never raw IPs.

Billing records: retained as required by tax law in the jurisdiction where we’re registered (typically 7 years).

Support email: messages you send us are retained for up to 2 years so we can reference historical context when you write back.

9. Your rights

Depending on where you live, you may have the right to access, correct, export, port, restrict, object to processing of, or delete your personal data. You can act on most of these yourself:

  • Access + correct: Settings → Profile.
  • Export: vault metadata as CSV is downloadable from the Cert Vault page. Broader exports on request.
  • Delete: Settings → Profile → Danger Zone. One-click account deletion. Encrypted data is destroyed within 30 days.

For any request we can’t serve in-app, email support@ignisfox.com. We respond within the statutory window for your jurisdiction — 30 days for GDPR, 45 days for CCPA, etc.

10. International transfers

Our servers run on Vercel’s global network; your data may be stored and processed in data centers outside your country of residence. We rely on the European Commission’s Standard Contractual Clauses and our sub-processors’ own data-residency commitments when transferring personal data out of the EEA / UK.

11. Children

Ignisfox is not intended for children under 16. We do not knowingly collect personal data from minors. If you believe a child has given us personal information, email support@ignisfox.com and we’ll delete it.

12. Changes to this policy

We update this policy when our practices change. Material changes are announced via in-app notice and an updated effective date at the top of this page. Continued use of Ignisfox after changes take effect constitutes acceptance.

13. Contact us

Privacy questions, data-subject requests, or complaints: support@ignisfox.com. If you believe we haven’t resolved your concern appropriately, you have the right to lodge a complaint with your local data protection authority.