GDPR Compliance

Last Updated: December 2025

Introduction

GuardSSL is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and outlines your rights as a data subject when using our SSL certificate monitoring service.

Data Controller

GuardSSL acts as the data controller for the personal data we collect and process. As the data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring compliance with applicable data protection laws.

Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

  • Contract Performance: Processing necessary to provide our SSL monitoring services as agreed in our Terms of Service
  • Legitimate Interests: Processing for our legitimate business interests, such as improving our services and preventing fraud
  • Consent: Where you have given explicit consent for specific processing activities, such as marketing communications
  • Legal Obligation: Processing required to comply with applicable laws and regulations

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you
  • Right to Rectification: You can request correction of inaccurate or incomplete personal data
  • Right to Erasure: You can request deletion of your personal data under certain circumstances ("right to be forgotten")
  • Right to Restriction: You can request that we limit the processing of your personal data
  • Right to Data Portability: You can request your data in a structured, commonly used, machine-readable format
  • Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time

Data Processing Activities

We process personal data for the following purposes:

  • Account Management: Email address, name, and password for user authentication and account administration
  • Service Delivery: Domain names and SSL certificate data to provide monitoring and alert services
  • Payment Processing: Payment information processed through Stripe to manage subscriptions (we do not store card details)

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your data in accordance with GDPR requirements.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. When your data is no longer needed, we will securely delete or anonymize it. You can request deletion of your account and associated data at any time.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include SSL/TLS encryption, secure password hashing, access controls, and regular security assessments. We continuously review and update our security practices to maintain the highest level of protection.

Right to Lodge a Complaint

If you believe that our processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority. You can contact the data protection authority in your country of residence, place of work, or where the alleged infringement occurred. We encourage you to contact us first so we can address your concerns directly.

Contact Us

For any questions about our GDPR compliance, to exercise your data protection rights, or to raise any concerns about how we handle your personal data, please contact us. We are committed to responding to your requests within the timeframes required by GDPR (typically within one month).