Privacy Policy
Last updated: June 3, 2026
Primitive Host ("we," "our," or "us") operates the Primitive Host platform (the "Service"), which provides domain intelligence infrastructure — including bulk domain data, a real-time REST API, zone file feeds, and domain registration monitoring — for security and research teams.
This Privacy Policy explains what information we collect, how we use and share it, the legal bases we rely on, and your rights over your data.
1. Information We Collect
Account Information
When you register for an account, we collect your email address, username, and any information you provide in your profile (such as your name or organization). If you subscribe to a paid plan, payment processing is handled by Stripe — we never see or store your full credit card numbers.
Usage Data
When you use the Service — including API requests, domain searches, dashboard interactions, and list views — we log:
- Your IP address and browser user-agent
- The domain names or TLDs you query
- Timestamps and frequency of requests
- Pages visited and features used
We use this data to operate, secure, and improve the Service, for example to troubleshoot errors, monitor performance, and detect abusive or unauthorized use.
Communications
If you contact us via email ([email protected]) or through the waitlist form, we retain your message and contact information to respond and provide support.
2. How We Use Your Data
We use the information we collect to:
- Provide, maintain, and improve the Service
- Authenticate your access and manage your account
- Process payments via Stripe
- Send service-related communications (billing, security notices, product updates)
- Detect, investigate, and prevent abuse, fraud, or unauthorized access
- Comply with legal and regulatory obligations
We do not sell your personal information to third parties. We do not use your data for advertising or ad targeting.
Legal Bases (EEA / UK users)
If you are located in the European Economic Area or the United Kingdom, we process your personal data only where we have a valid legal basis to do so, including:
- Performance of a contract — to provide the Service, manage your account, and process payments when you sign up for and use the Service.
- Legitimate interests — to secure and improve the Service, prevent abuse and fraud, understand how features are used, and communicate with you about service-related issues in a way that does not override your privacy rights.
- Legal obligations — to retain certain records for tax, accounting, and compliance purposes.
- Consent — where required by law for certain optional analytics or cookies; you can withdraw your consent at any time.
3. Data Sharing & Third-Party Services
We share data only with trusted service providers who help us deliver the Service:
- Stripe — payment processing (your payment data goes directly to Stripe; we never store card numbers)
- Google Analytics — usage analytics to understand how the Service is used. We configure Analytics to avoid storing full IP addresses and to disable advertising features.
- Web3Forms — contact and waitlist form submissions
- Cloud hosting provider — server infrastructure and data storage
Each provider acts as our data processor or sub-processor, is contractually bound to use your data only for the purposes of providing their service to us, and must maintain appropriate security controls.
We also maintain a Data Processing Agreement (DPA) and a list of our current subprocessors for customers who require formal data processing terms.
4. Cookies
We use essential cookies for session management and authentication. You cannot opt out of these while using the Service because they are necessary for the platform to function.
We also use Google Analytics cookies (or similar technologies) to understand how the Service is used, such as which pages are visited and which features are popular. These analytics cookies are non-essential and can be blocked via your browser settings or, where available, through our cookie controls.
We configure Analytics to respect applicable privacy requirements (for example, by limiting data retention and disabling advertising / cross-site tracking features). We do not use cookies for advertising or tracking across third-party sites.
5. Data Retention
We retain your account information for as long as your account is active. If you delete your account, we will remove or anonymize your personal data within 30 days, except where we are required by law to retain certain records (e.g., billing history).
Domain query and usage logs are retained for operational and security purposes and are anonymized after 90 days. Anonymization typically means removing or obfuscating direct identifiers (such as IP addresses and account identifiers) so that the data can no longer be linked to an individual user and is used only in aggregate for service improvement and analytics.
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate data
- Deletion — request deletion of your personal data
- Portability — request your data in a machine-readable format
- Objection / restriction — object to or request restriction of processing for certain purposes, in particular when we rely on legitimate interests
To exercise any of these rights, email us at [email protected]. We will respond within 30 days, subject to applicable law.
If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.
7. Security
We implement industry-standard security measures including encryption in transit (TLS 1.3), encrypted storage at rest, regular security audits, and access controls on production systems. No method of transmission over the Internet is 100% secure, but we are committed to protecting your data and continually improving our security practices.
8. Children's Privacy
The Service is intended for security and research professionals. It is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us so we can delete it.
9. International Transfers
Your data may be processed in jurisdictions outside your own (including the United States and other countries where our service providers operate). When we transfer personal data internationally, we use appropriate safeguards, such as Standard Contractual Clauses or equivalent mechanisms, as required by applicable data protection laws.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or by posting a notice on the Service. The "Last updated" date at the top of this page reflects the most recent revision.
11. Contact
If you have questions, concerns, or data requests:
Email: [email protected]
Service: primitive.host