Privacy Policy

Last updated: February 16, 2026

1. Introduction

KrakenKey LLC ("we," "us," or "our") is committed to protecting your personal data. This privacy policy explains what data we collect, how we use it, and how we protect it when you use our automated TLS certificate issuance service.

2. Data Controller

KrakenKey LLC is the data controller responsible for your personal data. We can be contacted at:

• Email: support@krakenkey.io

3. Data We Collect

We collect the following data when you use our service:

• Account Information: Email address and authentication credentials
• Domain Information: Domain names you add for certificate issuance
• Certificate Data: Certificate Signing Requests (CSRs), issued certificate metadata, and issuance status
• Technical Data: IP address, browser type, and access logs

We do not collect phone numbers, physical addresses, or payment information. Private keys generated using our in-browser CSR tool are created client-side and never sent to our servers.

4. How We Use Your Data

We use your data to:

• Provide and operate the certificate issuance service
• Complete DNS-01 domain validation on your behalf
• Communicate service updates and security notifications
• Maintain service security and prevent abuse
• Comply with legal obligations

5. Data Sharing

We share data with the following third parties as necessary to operate the service:

• Let's Encrypt (ISRG): CSR data is submitted to Let's Encrypt as the Certificate Authority to issue your TLS certificates
• Cloudflare: DNS records are created temporarily for DNS-01 challenge validation

We do not sell your data. We do not share your data with third parties for marketing purposes.

6. Data Retention

We retain your data as follows:

• Account Data: Retained while your account is active, deleted upon request
• Certificate Records: Retained for the lifetime of the issued certificate plus 90 days
• Access Logs: Retained for up to 90 days for security purposes

7. Data Security

We protect your data with:

• Encryption of data in transit (TLS) and at rest
• Access controls limiting data access to authorized personnel
• Client-side private key generation — your private keys never touch our servers

8. Your Rights

You have the right to:

• Access a copy of the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data and account
• Object to data processing where we rely on legitimate interest

If you are located in the European Economic Area (EEA), you have additional rights under the GDPR, including data portability and the right to restrict processing.

To exercise any of these rights, contact us at support@krakenkey.io.

9. Cookies

The KrakenKey marketing website (krakenkey.io) does not use cookies or client-side tracking. The KrakenKey application (app.krakenkey.io) uses essential cookies for authentication and session management only. We do not use cookies for analytics, advertising, or personalization.

10. Data Breach Response

In the event of a data breach that affects your personal data, we will notify affected users by email as soon as reasonably possible and no later than 72 hours after becoming aware of the breach.

11. Changes to This Policy

We may update this privacy policy as our service evolves. We will notify you of significant changes via email or by posting a notice on our website.

12. Contact Information

If you have questions about this privacy policy or your data, contact us at:

• support@krakenkey.io