Privacy Policy

Last updated: 13 November 2025

1. Who we are

CertObserver is a service operated by Kodhaj AB (org. no. 559537-4868), a company registered in Sweden.

Kodhaj AB is the data controller for the personal data described in this notice.

2. Data we collect

We collect and process:

• Account data - your name and email address when you sign up.
• Service data - hostnames you choose to monitor and email addresses that alerts should be sent to.
• Technical data
  • Standard HTTP server logs (e.g. IP address, requested URLs, timestamps).
  • IP address and user agent for each login session (for security and fraud prevention).
• Billing data
  • If you subscribe, billing details are collected and processed by our payment partner FastSpring, who acts as an independent controller for that data and has its own privacy policy.
  • We receive billing information needed to manage your subscription and invoices. We do not receive your credit card number.

3. Why we use your data (legal bases)

We use your personal data to:

• Provide the service
  • Create and manage your CertObserver account.
  • Monitor the hostnames you configure and send alert emails to the addresses you specify.
  • Legal basis: performance of a contract (GDPR Art. 6(1)(b)).
• Keep the service secure and reliable
  • Detect and prevent abuse, troubleshoot issues, and protect our systems (using logs, IP addresses, user agents and session data).
  • Legal basis: our legitimate interests in operating a secure service (Art. 6(1)(f)).
• Handle payments and legal obligations
  • Manage subscriptions and invoicing together with our billing partner.
  • Keep records required by Swedish/EU accounting and tax law.
  • Legal basis: performance of a contract and legal obligations (Art. 6(1)(b) and 6(1)(c)).

We do not sell your personal data or share it with third parties for their own marketing.

4. Cookies

We use a session cookie to keep you logged in. Without this cookie, the service will not function correctly.

We do not use third-party tracking cookies or advertising cookies.

5. Where your data is processed and who we share it with

We use third-party service providers who process data on our behalf, such as:

• Cloud hosting providers
• Email delivery providers (for sending alert emails and transactional messages)
• Payment providers (for subscriptions and invoicing)

Where possible, these providers process your personal data within the EU/EEA.

If we need to use providers or sub-processors located outside the EU/EEA, we will ensure that appropriate safeguards are in place so that your data remains protected under GDPR-equivalent standards.

We only share personal data with these providers to the extent necessary to operate CertObserver.

6. How long we keep your data

• HTTP logs and session information: Kept for up to 90 days, then deleted or anonymised.
• Account and service data: Kept for as long as you have an active CertObserver account. If you close your account, we delete or anonymise this data, except where we must keep some information for legal, accounting or security reasons.
• Billing and invoicing data: Kept for the period required by Swedish/EU accounting and tax rules (typically several years) and then deleted or anonymised.

7. Your rights

If you are in the EU/EEA (and, in many cases, elsewhere), you have the right to:

• Access your personal data and receive a copy.
• Correct inaccurate or incomplete data.
• Delete your data in certain situations ("right to be forgotten").
• Restrict or object to certain types of processing (for example, processing based on legitimate interests).
• Receive your data in a portable format where technically feasible.

You also have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us using the contact details below.

8. How to contact us

If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact privacy@certobserver.com.

9. Changes to this policy

We may update this Privacy Policy from time to time, for example to reflect changes in the service, in applicable laws or in our processing activities.

If we make significant changes, we will notify you by email or through the service.

The "Last updated" date at the top of this page shows when the policy was last changed.