Privacy Policy

1. Introduction

is-cool-me ("we", "us", "our") operates the free subdomain service available at this dashboard. This Privacy Policy explains what personal information we collect, how we use it, and what rights you have regarding your data.

2. Information We Collect

We collect the following information when you sign in with GitHub:

• GitHub profile data: your username, display name, avatar URL, and public profile information returned by the GitHub API.
• Email addresses: the email addresses associated with your GitHub account (including private emails if granted), used to contact you about your account.
• OAuth access token: a temporary GitHub access token stored in your server session to make authorised API calls on your behalf.
• Subdomain registrations: the subdomain names, DNS records, and associated metadata you submit through the Service.

We do not collect payment information, passwords, or any data beyond what is necessary to operate the Service.

3. How We Use Your Information

We use the information we collect to:

• Authenticate you and maintain your session.
• Provision and manage your subdomain registrations and DNS records.
• Associate DNS records with your GitHub account for ownership tracking.
• Contact you about your account, policy changes, or abuse reports.
• Detect, investigate, and prevent misuse of the Service.
• Display aggregate, anonymised usage statistics on the dashboard.

4. Data Retention

Session data is stored in memory and expires after 8 hours of inactivity. Subdomain registrations and their associated DNS records are retained in our database for as long as the subdomain is active. If you delete a subdomain or request account deletion, associated data is removed within a reasonable timeframe.

5. Data Sharing

We do not sell, rent, or trade your personal information. We may share data in the following limited circumstances:

• Infrastructure providers: Our hosting and DNS providers process data necessary to deliver the Service (e.g. Cloudflare for DNS propagation).
• Legal obligations: We may disclose information where required by law, court order, or to protect the rights and safety of our users or the public.
• Abuse reports: Subdomain ownership information may be disclosed to parties reporting clear policy violations (e.g. DMCA takedowns).

6. Cookies & Local Storage

We use the following cookies:

• session_id (httpOnly, lax) — identifies your authenticated session on the server. Expires after 8 hours.
• welcome — a short-lived cookie used to display a sign-in confirmation toast. Expires after 8 hours.
• oauth_state — a single-use CSRF token used during the GitHub OAuth flow. Deleted immediately after login.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

7. Third-Party Services

The Service integrates with the following third-party services:

• GitHub OAuth: used for authentication. Your use of GitHub is subject to GitHub's Privacy Statement.
• Cloudflare: used for DNS management. Subject to Cloudflare's Privacy Policy.

8. Security

We take reasonable precautions to protect your data, including CSRF token validation on all state-changing requests, httpOnly session cookies, and encrypted connections (HTTPS in production). However, no system is completely secure, and we cannot guarantee the absolute security of your information.

9. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and associated subdomains by contacting us or using the dashboard.
• Withdraw consent at any time by signing out and ceasing to use the Service.

To exercise these rights, contact us at support@mayank.in.eu.org.

10. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information without parental consent, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes through the dashboard. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.

12. Contact

If you have questions or concerns about this Privacy Policy, please contact us at support@mayank.in.eu.org or via our Discord server.