Skip to content

Effective date: May 24, 2026

Privacy Policy

This Privacy Policy explains how Certimon, operated by ThinkingBytes, collects and uses information when you use the SSL certificate monitoring service, Telegram bot, web dashboard, email magic-link sign-up, and alerting integrations.

1. Information we collect

We collect the information needed to run the service: Telegram chat IDs and Telegram profile fields returned by Telegram Login, email addresses used for magic-link sign-up, domains you monitor, reminder windows, certificate metadata returned by public TLS handshakes, alerting destinations and rules, operational logs, rate-limit counters, and session cookies for the dashboard.

2. Information we do not need

Certimon does not need or intentionally collect TLS private keys, certificate file contents, payment card details, website traffic, request bodies from your sites, or Telegram messages other than commands and interactions directed to the Certimon bot.

3. How we use information

We use the information to create and secure accounts, send magic-link emails, verify Telegram logins, check certificate expiry, show dashboard state, deliver alerts, troubleshoot failures, prevent abuse, improve reliability, and comply with legal obligations.

4. Email magic links

If you sign up or sign in by email, Certimon stores your normalized email address and sends a one-time, time-limited link. The raw token is sent only in the email link; the database stores a hash and records when the token is consumed or expires.

5. Cookies and analytics

The app dashboard uses a session cookie to keep you signed in. The marketing site may use analytics to understand page usage and improve the site. You can control cookies through your browser settings, but disabling required session cookies may prevent dashboard login from working.

6. Third-party processors

Certimon may use third-party services to provide hosting, email delivery, Telegram authentication and bot messaging, Microsoft Teams, PagerDuty, webhook delivery, analytics, logging, and infrastructure operations. These providers process data only as needed for the service features you use.

7. Retention

We keep account, domain, reminder, and integration records while they are needed to provide the service. Operational logs, magic-link tokens, and throttling records may be kept for security, debugging, and abuse prevention, then deleted or aggregated when no longer needed. You can ask for account or data deletion using the contact details below.

8. Security

We use practical safeguards such as signed session cookies, signed and one-time magic-link tokens, hashed stored token values, webhook secret checks, and secret redaction in the dashboard. No internet service can be guaranteed completely secure, so you should protect your email inbox, Telegram account, and integration credentials.

9. Your choices

You can delete reminders, remove alerting destinations, log out of the dashboard, stop the Telegram bot, or contact us to request access, correction, export, or deletion of personal data. Some records may be retained where required for security, legal compliance, or dispute handling.

10. Contact

For privacy requests or questions, email [email protected].