← Back to Home

Privacy Policy

This Privacy Policy describes how A1-Soft Company collects, uses, and protects your personal information when you use the SSL Certificate Manager platform.

Last Updated: April 2026

1. Information We Collect

We collect various types of information in connection with the SSL Certificate Manager service. The categories of data we collect include:

1.1 Account Information

When you create an account, we collect the following personal information:

• Full Name: Your first and last name as provided during registration.
• Email Address: Your email address, used for account authentication, communications, and notifications.
• Organization Name: If applicable, the name of your company or organization.
• Password: A hashed version of your password (we never store passwords in plain text).
• Account Preferences: Your notification settings, display preferences, and language selection.

1.2 Domain and Server Information

To provide our SSL certificate management services, we collect:

• Domain Names: The domain names you register for SSL certificate management, including subdomains and wildcard domains.
• Server IP Addresses: The IP addresses of servers where the desktop agent is installed or certificates are deployed.
• Machine IDs: Unique identifiers generated by the desktop agent application for each server or machine, used to associate certificates with specific installations.
• Server Configuration Data: Information about your web server environment, including IIS site names, binding configurations, operating system version, and installed web server software.
• Certificate Metadata: Details about issued certificates, including issuance dates, expiration dates, certificate types, Subject Alternative Names (SANs), and renewal history.

1.3 Payment Information

When you make a purchase or subscribe to a paid plan:

• Payment Method: Your payment method details are collected and processed by our payment processor, Lemon Squeezy. We do not directly store your credit card numbers or full payment card details on our servers.
• Billing Information: Your billing name, billing address, and transaction history.
• Transaction Records: Records of purchases, subscription changes, and refund requests.

1.4 Usage and Technical Data

We automatically collect certain technical and usage information when you interact with our Service:

• IP Addresses: Your IP address when accessing the web platform or when the desktop agent communicates with our servers.
• Browser Information: Browser type, version, language, and operating system when accessing the web platform.
• Access Logs: Timestamps, pages visited, actions performed, API calls made, and error logs.
• Device Information: Device type, screen resolution, and other technical characteristics of the device used to access the Service.
• Agent Telemetry: Operational data from the desktop agent, including certificate operation results, error reports, and performance metrics.

1.5 Communication Data

When you contact us for support or provide feedback:

• Support Tickets: The content of your support requests, emails, and any attachments you provide.
• Feedback: Any feedback, suggestions, or reviews you submit.

2. How We Use Your Data

We use the information we collect for the following purposes:

2.1 Service Delivery

• To create, maintain, and secure your account.
• To process SSL/TLS certificate requests, issuance, installation, and renewal.
• To facilitate domain validation challenges with Certificate Authorities.
• To monitor certificate status and send expiration and renewal notifications.
• To associate certificates and configurations with your registered servers via Machine IDs.
• To provide customer support and respond to your inquiries.

2.2 Service Improvement

• To analyze usage patterns and identify areas for feature improvement.
• To diagnose technical issues, debug errors, and optimize performance.
• To develop new features, products, and services based on aggregate usage data.
• To conduct internal analytics and generate statistical reports (using anonymized or aggregated data where possible).

2.3 Communication

• To send essential service notifications, including certificate expiration alerts, renewal confirmations, and security notices.
• To send account-related communications, such as billing confirmations, password resets, and account status updates.
• To send product updates and announcements about new features (with your consent where required by law).

2.4 Security and Fraud Prevention

• To detect, prevent, and respond to unauthorized access, fraud, abuse, and security threats.
• To enforce our Terms of Service and protect the rights and safety of our users and third parties.
• To comply with legal obligations and respond to lawful requests from government authorities.

3. Data Storage and Security

3.1 Data Storage

Your data is stored on secure servers and databases operated by A1-Soft Company and our authorized hosting providers. Our primary data storage infrastructure is designed with redundancy and reliability in mind. We may store data in multiple geographic locations to ensure availability and performance.

3.2 Security Measures

We implement commercially reasonable technical and organizational security measures to protect your personal data, including:

• Encryption in Transit: All data transmitted between your browser or desktop agent and our servers is encrypted using TLS/SSL protocols.
• Encryption at Rest: Sensitive data stored on our servers, including private keys (if stored), is encrypted at rest using industry-standard encryption algorithms.
• Access Controls: Strict role-based access controls limit who within our organization can access personal data, based on the principle of least privilege.
• Password Hashing: User passwords are stored using strong, salted cryptographic hashing algorithms. We never store passwords in plain text.
• Regular Security Audits: We conduct periodic security reviews and vulnerability assessments of our infrastructure and application code.
• Incident Response: We maintain an incident response plan to promptly address and mitigate any data security incidents.

3.3 Private Key Handling

3.4 No Absolute Guarantee

While we implement robust security measures, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data and shall not be held liable for any unauthorized access that occurs despite our reasonable security efforts.

4. Third-Party Services

Our Service integrates with and relies upon several third-party services. Each of these services has their own privacy policies governing the data they collect and process:

4.1 Let's Encrypt

We use Let's Encrypt as our primary Certificate Authority for issuing SSL/TLS certificates. When you request a certificate through our Service, certain information is shared with Let's Encrypt, including your domain name(s) and information necessary for domain validation. Let's Encrypt maintains its own privacy policy, which governs their handling of this data. Let's Encrypt also maintains publicly accessible Certificate Transparency logs that record issued certificates. Please review Let's Encrypt's Privacy Policy for details.

4.2 Lemon Squeezy

We use Lemon Squeezy as our payment processing provider. When you make a purchase, your payment information is collected and processed by Lemon Squeezy. We receive only limited transaction information (such as transaction ID, amount, and status) from Lemon Squeezy. Your payment card details are stored and processed by Lemon Squeezy in compliance with PCI DSS standards. Please review Lemon Squeezy's Privacy Policy for details on their data practices.

4.3 Google Analytics

We use Google Analytics to analyze website traffic and usage patterns on our web platform. Google Analytics collects information such as your IP address (which may be anonymized), browser type, referring pages, pages visited, and time spent on each page. This data is used in aggregate form to understand how users interact with our Service and to improve the user experience. Google Analytics uses cookies to collect this information. Please review Google's Privacy Policy for more information. You may opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on.

4.4 Other Third-Party Services

We may integrate with additional third-party services for purposes such as email delivery, error tracking, performance monitoring, and customer support. We evaluate the privacy practices of third-party providers before integration and require that they handle data in accordance with applicable privacy laws. A current list of sub-processors is available upon request.

5. Cookies and Tracking Technologies

5.1 Types of Cookies We Use

Cookie Type	Purpose	Duration
Essential Cookies	Required for authentication, session management, and core functionality of the platform. The Service cannot function properly without these cookies.	Session / Up to 30 days
Preference Cookies	Store your settings and preferences, such as language selection, display mode, and notification preferences.	Up to 1 year
Analytics Cookies	Collect anonymized usage data to help us understand how users interact with the Service and identify areas for improvement (e.g., Google Analytics).	Up to 2 years
Security Cookies	Help detect and prevent fraudulent activity, unauthorized access attempts, and other security threats.	Session / Up to 90 days

5.2 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can configure your browser to block or delete cookies, or to alert you when a cookie is being set. Please note that blocking essential cookies may prevent you from using certain features of the Service. Instructions for managing cookies can typically be found in your browser's help documentation.

5.3 Do Not Track

Some browsers support a "Do Not Track" (DNT) signal. Our Service does not currently respond to DNT signals. However, you can manage your tracking preferences through cookie settings and analytics opt-outs as described above.

6. Data Retention

6.1 Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by applicable law. The specific retention periods depend on the type of data:

• Account Information: Retained for the duration of your active account and for up to two (2) years after account closure or deletion, unless a longer retention period is required by law.
• Certificate and Domain Data: Retained for the duration of your account and for up to one (1) year after account closure, to support auditing and historical record-keeping.
• Transaction and Billing Data: Retained for up to seven (7) years after the transaction date, as required for tax, accounting, and legal compliance purposes.
• Access and Server Logs: Retained for up to ninety (90) days for security monitoring and troubleshooting purposes, after which they are automatically purged or anonymized.
• Support Communications: Retained for up to three (3) years after the last interaction, to maintain a record of support history and resolutions.
• Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely for statistical analysis purposes.

6.2 Data Deletion

When data is no longer needed, we securely delete or anonymize it using industry-standard methods. Deletion requests are processed in accordance with the procedures described in Section 8 (Your Rights).

7. International Data Transfers

A1-Soft Company is based in Kuwait. If you access the Service from outside Kuwait, your data may be transferred to, stored, and processed in Kuwait or other countries where our servers or third-party service providers are located. These countries may have data protection laws that differ from those in your jurisdiction.

When we transfer personal data internationally, we take appropriate safeguards to ensure that your data is protected in accordance with this Privacy Policy and applicable data protection laws. These safeguards may include contractual protections (such as standard contractual clauses) and ensuring that our service providers maintain adequate security measures.

8. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

8.1 Right of Access

You have the right to request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format within thirty (30) days of receiving your verified request.

8.2 Right to Correction

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. You can update most account information directly through your account settings. For other corrections, please contact us at support@ssl.a1-soft.com.

8.3 Right to Deletion

You have the right to request the deletion of your personal data, subject to certain exceptions. We may retain certain data where we have a legal obligation to do so, where it is necessary for the performance of a contract, or where we have a legitimate interest that overrides your request. Upon receiving a valid deletion request, we will:

• Delete your account and associated personal data from our active systems within thirty (30) days.
• Remove your data from backup systems within ninety (90) days.
• Provide confirmation of deletion upon completion.

8.4 Right to Data Portability

You have the right to receive your personal data in a portable format and to request that we transfer it to another service provider, where technically feasible.

8.5 Right to Object

You have the right to object to the processing of your personal data for certain purposes, including direct marketing. If you object to processing for direct marketing, we will cease such processing promptly.

8.6 Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing based on legitimate interests.

8.7 Exercising Your Rights

To exercise any of the above rights, please contact us at support@ssl.a1-soft.com with a clear description of your request. We may ask you to verify your identity before processing your request. We will respond to verified requests within thirty (30) days, or within the timeframe required by applicable law.

9. Children's Privacy

The SSL Certificate Manager service is not intended for use by individuals under the age of sixteen (16) years old. We do not knowingly collect, use, or disclose personal information from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take reasonable steps to promptly delete such data from our systems.

If you are a parent or guardian and believe that your child has provided personal information to us without your consent, please contact us at support@ssl.a1-soft.com, and we will work to delete the information promptly.

10. GDPR Compliance

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional provisions apply to you under the General Data Protection Regulation (GDPR) and related legislation:

10.1 Legal Basis for Processing

We process your personal data on the following legal bases:

• Contract Performance: Processing necessary for the performance of the contract between you and A1-Soft Company (i.e., providing the Service as described in our Terms of Service).
• Legitimate Interests: Processing necessary for our legitimate interests, such as improving the Service, ensuring security, and preventing fraud, provided these interests are not overridden by your fundamental rights and freedoms.
• Consent: Where we rely on your consent for specific processing activities (such as marketing communications), you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Legal Obligation: Processing necessary for compliance with a legal obligation to which A1-Soft Company is subject.

10.2 Data Protection Officer

For GDPR-related inquiries, you may contact our data protection team at support@ssl.a1-soft.com. We are committed to addressing any concerns you may have regarding our data protection practices.

10.3 Supervisory Authority

If you are located in the EEA, you have the right to lodge a complaint with a supervisory authority in the EU member state where you reside, where you work, or where the alleged infringement occurred, if you believe that our processing of your personal data violates the GDPR.

10.4 Data Protection Impact Assessments

Where required by the GDPR, we conduct Data Protection Impact Assessments (DPIAs) to evaluate and mitigate risks associated with the processing of personal data, particularly for new processing activities or technologies that may pose a high risk to the rights and freedoms of data subjects.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page.
• Post a notice on our website or within the Service dashboard for a reasonable period.
• For significant changes, send an email notification to the email address associated with your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: