Effective date: March 14, 2026 · Last updated: March 14, 2026 · Questions? hello@matchmydomain.com
MatchMyDomain ("we," "us," or "our") operates the website matchmydomain.com (the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding that information.
By using the Service you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
Account information — When you sign in via Google or GitHub OAuth, we receive your name, email address, and profile avatar from the OAuth provider. If you sign in with email and password, we store your email address; your password is hashed by our authentication provider (Supabase) and is never stored in plain text.
Domain searches — The domain names you enter for scoring, generation, brand direction, trademark screening, and other tools.
AI tool inputs — Descriptions, brand names, and other text you provide to our AI-powered tools (e.g., the name generator, roast, pitch slide builder).
Support communications — If you email us, we retain the correspondence to resolve your inquiry.
1.2 Information Collected Automatically
Usage analytics — We use Plausible Analytics, a privacy-focused, cookie-free analytics service. Plausible collects aggregated, anonymized page-view data (page URL, referrer, country, device type, browser). No personal identifiers are tracked. No cookies are set.
Server logs — Our hosting provider (Railway) may log IP addresses, request timestamps, and HTTP headers for operational and security purposes. These logs are retained for up to 7 days.
1.3 Payment Information
All payment processing is handled by Stripe. When you purchase bolts or subscribe, your payment details (card number, billing address) are collected and processed directly by Stripe. We never receive, store, or have access to your full card number or bank details. We receive only a transaction confirmation, Stripe customer ID, and subscription status.
2. How We Use Your Information
We use the information we collect to:
Provide the Service — Run domain checks, generate AI-powered results, manage your bolt balance, and deliver tool outputs.
Manage your account — Authenticate your identity, track your bolt balance, and manage subscriptions.
Process payments — Fulfill bolt top-up purchases and subscription billing via Stripe.
Improve the Service — Analyze aggregated usage patterns to fix bugs, improve tool quality, and develop new features.
Communicate with you — Send transactional emails (payment receipts, account notifications). We do not send marketing or promotional emails without your explicit opt-in consent.
Prevent abuse — Enforce rate limits, detect scraping or automated abuse, and protect the integrity of the Service.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal basis for processing your personal data is:
Contract performance — Processing necessary to provide the Service you signed up for (account management, bolt tracking, tool access).
Legitimate interest — Analytics, security, and fraud prevention, where our interests do not override your fundamental rights.
Consent — Where required, such as for optional marketing communications. You may withdraw consent at any time.
Legal obligation — Where processing is required to comply with applicable law (e.g., tax records for payments).
4. Third-Party Service Providers
We share data with the following third parties only as necessary to operate the Service:
Supabase (supabase.com) — Authentication and database hosting. Stores your account data, search history, and bolt balance. Subject to Supabase's Privacy Policy.
Stripe (stripe.com) — Payment processing. Receives your payment details directly. Subject to Stripe's Privacy Policy.
Anthropic (anthropic.com) — AI model provider. Your tool inputs (domain names, brand descriptions) are sent to Anthropic's Claude API to generate results. Anthropic processes these inputs per their Privacy Policy. Under Anthropic's API terms, inputs sent via the API are not used to train their models.
Plausible Analytics (plausible.io) — Privacy-friendly, cookie-free, GDPR-compliant web analytics. No personal data is collected. Subject to Plausible's Privacy Policy.
Railway (railway.app) — Cloud hosting provider. Our server and Redis instance run on Railway infrastructure. Subject to Railway's Privacy Policy.
We do not sell, rent, or trade your personal information to any third party for advertising or marketing purposes.
5. Cookies and Tracking Technologies
MatchMyDomain does not use cookies for analytics or advertising. Specifically:
No tracking cookies — We use Plausible Analytics, which is entirely cookie-free.
No advertising pixels — We do not use Facebook Pixel, Google Ads, or any retargeting technology.
Authentication tokens — Supabase stores a session token in your browser's local storage to keep you signed in. This is essential for the Service to function and is not used for tracking.
6. Data Sharing and Disclosure
Beyond the third-party providers listed in Section 4, we may disclose your information only if:
Required by law, subpoena, court order, or governmental request.
Necessary to protect the rights, safety, or property of MatchMyDomain, our users, or the public.
Part of a merger, acquisition, or sale of assets, in which case you will be notified before your data is transferred and becomes subject to a different privacy policy.
7. International Data Transfers
Our servers are located in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US. By using the Service, you consent to this transfer. For EEA/UK users, we rely on Standard Contractual Clauses and adequacy decisions where applicable to ensure appropriate safeguards.
8. Data Retention
Account data — Retained as long as your account is active.
Search history and tool results — Retained as long as your account is active. You may request deletion at any time.
Payment records — Retained for up to 7 years as required for tax and accounting obligations.
Server logs — Retained for up to 7 days, then automatically deleted.
Deleted accounts — Upon account deletion request, we will remove your personal data within 30 days. Some data may persist in encrypted backups for up to 90 days before automatic expiration.
9. Data Security
We implement industry-standard security measures to protect your data:
All data transmitted between your browser and our servers is encrypted via HTTPS/TLS.
Database access is secured with Supabase Row-Level Security (RLS) policies — users can only access their own data.
Payment data is handled by Stripe's PCI DSS Level 1 compliant infrastructure.
API endpoints are protected by rate limiting (Redis-backed) and origin validation.
Security headers (Helmet.js) are set including Content-Security-Policy, X-Frame-Options, and Strict-Transport-Security.
While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
10. Your Privacy Rights
10.1 All Users
Regardless of your location, you have the right to:
Access your personal data we hold.
Correct inaccurate information.
Delete your account and associated data.
Export your data in a portable format upon request.
10.2 EEA, UK, and Swiss Residents (GDPR)
You additionally have the right to:
Restrict or object to processing of your data.
Withdraw consent at any time (without affecting prior processing).
Lodge a complaint with your local data protection authority.
10.3 California Residents (CCPA/CPRA)
Under the California Consumer Privacy Act, you have the right to:
Know what personal information we collect, use, and disclose.
Request deletion of your personal information.
Opt out of the sale of personal information. We do not sell your personal information.
Not be discriminated against for exercising your privacy rights.
To exercise any of these rights, email hello@matchmydomain.com. We will respond within 30 days (or within the timeframe required by applicable law).
11. Children's Privacy
The Service is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we learn that we have collected data from a child under the applicable age, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at hello@matchmydomain.com.
12. Data Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach, as required by GDPR and applicable US state breach notification laws. We will also notify the relevant supervisory authority where required.
13. Links to Other Websites
The Service contains links to third-party websites (domain registrars, social platforms, etc.). We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies.
14. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting a prominent notice on the Service or by sending you an email. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.
15. Contact Us
If you have questions about this Privacy Policy, your data, or wish to exercise your rights, contact us at: