Privacy

What we collect, and what we don't.

Tidelock watches certificates, not people. We collect the minimum we need to run the service and tell you about expiries. Here's the whole picture.

Last updated: 25 April 2026

Who we are

Tidelock, Inc. ("Tidelock", "we", "us") operates this website and the Tidelock service. If you have questions about anything below, email privacy@tidelock.dev.

What we collect

Three buckets, nothing else:

  • Account info. The email you sign up with, the domains you ask us to monitor, and your alert preferences.
  • Certificate data. Public certificate metadata (issuer, validity window, common names) discovered via Certificate Transparency logs and direct TLS handshakes against your domains. This is the same information any browser sees when it loads your site.
  • Usage and logs. Standard server logs (IP address, user agent, request times) for security and debugging, kept for 30 days.

What we don't collect

No private keys, no certificate contents beyond what's publicly visible, no traffic from your sites. We never see anything that isn't already exposed to the public internet.

How we use it

To run the checks you signed up for, send the alerts you configured, bill you (when paid plans launch), and keep the service secure. That's it. We don't sell or rent your data, and we don't use it to train AI models.

Who we share it with

A short list of processors who help us run the service:

  • Cloud hosting (server infrastructure)
  • Email delivery (transactional alerts)
  • Payment processing (when you pay us)
  • Error monitoring (so we notice when things break)

Each processor gets only what they need to do their job. We don't share your data with anyone else without your permission, except where the law requires.

Cookies

We use a single session cookie to keep you signed in. No analytics cookies, no advertising cookies, no third-party tracking on this site.

Your rights

You can ask us to show you the data we hold about you, correct it, or delete it. If you're in the EU/UK, you have these rights under GDPR; if you're elsewhere, we'll honor them anyway. Email privacy@tidelock.dev and we'll respond within 30 days.

Data retention

Account data is kept while your account is active and for 90 days after deletion (in case you change your mind). Logs roll off after 30 days. Backups are encrypted and rotated within 90 days.

Changes to this policy

If we change anything material, we'll email you and update the date at the top. Continued use after a change means you accept the new version.

Questions? privacy@tidelock.dev. We answer every message.