Privacy Policy

Last updated: 2026-05-06

1. Who we are

Domain Yoga is the controller of personal data processed in connection with the Service. Contact us at legal@domain.yoga. We are based in Denmark.

2. What we collect and why

• Account data — your email and a hashed password, processed through Supabase Auth (EU region).
• Payment data — billing email and payment metadata, processed by Stripe. We never see your card number.
• Search input — the project description you submit, sent to a large language model provider for inference. Do not include sensitive personal information you do not want a third party to process.
• Domain queries — generated domain strings sent to a domain availability provider (Gandi). No personal information is sent unless your search input contains it.
• Service operation — IP addresses and request metadata used by our hosting and CDN providers (Cloudflare, Hetzner) to deliver the Service.
• Product analytics (only if you consent) — pageviews, button clicks, and error reports captured by PostHog (EU host). Disabled until you accept the consent banner.

3. Sub-processors

The following sub-processors process personal data on our behalf:

• Stripe, Inc. — payment processing, United States, Standard Contractual Clauses for transfers.
• Supabase, Inc. — authentication, EU region.
• LLM providers — we may use any of the following approved providers for AI inference: Anthropic (US), OpenAI (US), Google (US), or Mistral (EU). The current default provider is Anthropic. Transfers to US providers rely on Standard Contractual Clauses.
• Cloudflare, Inc. — static hosting and content delivery, global edge with US headquarters, Standard Contractual Clauses.
• PostHog Inc. — product analytics (consent-gated), EU host (eu.i.posthog.com).

We also rely on the following service providers as infrastructure:

• Hetzner Online GmbH (Germany)
• Gandi SAS (France) — domain string lookups only.

4. Cookies and similar technologies

• Essential — dy_consent stores your consent decision, scoped to .domain.yoga so it is honored across subdomains. Supabase Auth and Stripe Checkout set additional essential cookies when you sign in or pay.
• Optional (consent-gated) — PostHog stores cookies and localStorage entries only after you accept the consent banner.

5. How long we keep data

• Account data: until you delete your account.
• Payment records: 5 years (Danish bookkeeping law).
• Search history: until account deletion or 24 months from last activity.
• Anonymous product analytics: 1 year.

6. Your rights

Under the GDPR you have the right to access, rectify, erase, port, or object to the processing of your personal data, and to withdraw consent at any time. Submit requests to legal@domain.yoga.

7. California Residents

We do not sell or share personal information as those terms are defined under the California Consumer Privacy Act (CCPA). California residents may request access to, correction of, or deletion of their personal information by contacting legal@domain.yoga.

8. Children

We do not knowingly collect personal data from individuals under 16. If you believe we have, contact us at legal@domain.yoga.

9. Changes

We will notify registered users by email and display a prominent notice on the Service for 30 days before any material change takes effect.