Privacy Policy

Last updated: February 25, 2026

Uptiko ("we", "our", "the app") is a mobile application for monitoring SSL certificates, domain expiry, security headers, and infrastructure changes. We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

1. Data We Collect

Local Only Mode (Default)

By default, Uptiko stores your data on your device. In this mode:

• Domain list & results: Stored locally in an on-device SQLite database. Your domain list is not stored on our servers.
• Real-time checks: When you scan a domain, the hostname is sent to our backend server for SSL certificate checks and, when needed, WHOIS lookups. Pro features (TLS audit, headers analysis, DNS intelligence) also route through our server. These requests are stateless — the hostname is used only to perform the check and is not logged or stored on our server.
• Third-party lookups: Domain expiry checks are made directly from your device to public RDAP servers operated by domain registries (via IANA). These queries contain only the domain name.
• Settings: Theme preference, notification settings, tags — stored locally.
• No analytics: We do not use any analytics, tracking, or crash reporting SDKs.
• No account: No email, password, or personal information is required.

Cloud Alerts Mode (Opt-In)

If you enable Cloud Alerts, the following data is sent to and stored on our server:

• Domain hostnames: The list of domains you are monitoring (e.g., "example.com"). Stored so our server can check them on a schedule.
• Expo Push Token: A device-specific token used to send push notifications. This is not linked to your identity.
• Notification preferences: How many days before expiry you want to be notified.
• Check results: SSL and domain expiry dates returned by scheduled checks, used to determine when to send alerts.

Our server runs automated checks on your stored domains every 6 hours and sends push notifications when certificates or domains are approaching expiry. A weekly health digest is sent every Monday.

We do not collect your name, email address, IP address, device ID, or any other personally identifiable information.

2. How We Use Your Data

Local mode: Your data is used only within the app on your device to display monitoring results and schedule local notifications.

Cloud mode: Your domain list and push token are used solely to:

• Check your domains for SSL and domain expiry every 6 hours.
• Send push notifications when certificates or domains are about to expire.
• Send optional weekly health digest summaries.

3. Data Storage & Security

• Local data: Stored in an encrypted SQLite database on your device, protected by your device's security.
• Cloud data: Stored on a Hetzner server located in Germany (EU), protected by HTTPS encryption in transit and at rest.
• No third-party databases: We do not use cloud databases. Data is stored in a SQLite file on our server.
• Backups: Server data is not backed up to third-party services.

4. Data Deletion

You have full control over your data:

• Local data: Uninstalling the app removes all local data permanently.
• Cloud data: Disable Cloud Alerts in Settings to trigger an immediate DELETE request that removes all your data from our server. You can also send a DELETE request directly to https://api.uptiko.com/api/sync/:your-push-token.
• No retention: Once deleted, your data cannot be recovered — we have no backups.

5. Third-Party Services

Uptiko uses the following third-party services:

• RevenueCat — Manages in-app subscriptions. RevenueCat receives a pseudonymous app user ID (not linked to your identity) and purchase receipt data from Apple/Google. See RevenueCat's privacy policy.
• Expo Push Notifications — Used to deliver push notifications when Cloud Alerts are enabled. Expo receives the push token and notification content. See Expo's privacy policy.
• RDAP / WHOIS — Domain expiry lookups are made to public RDAP and WHOIS servers. These queries contain only the domain name being looked up.

We do not use Google Analytics, Firebase, Facebook SDK, or any advertising or tracking services.

6. Children's Privacy

Uptiko is not directed at children under the age of 13. We do not knowingly collect personal information from children. Since the app does not require an account or collect personal data, there is no mechanism to identify a user's age.

7. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the app after changes constitutes acceptance of the updated policy.

8. Contact

If you have questions about this privacy policy or your data, contact us at:

Email: privacy@uptiko.com