Trust Center
How we earn your trust.
Transparency on the four things that matter most: data handling, security practices, compliance posture, and operational commitments.
Data we collect
- Registrant info — name, email, phone, postal address. Required by ICANN for every domain. Stored encrypted at rest, transmitted over TLS.
- Billing info — handled by Stripe. We never store full card numbers; only a Stripe customer ID + last-4 reference.
- Account credentials — emails and bcrypt-hashed passwords. Never plain text, never logged.
- Usage logs — page views, search queries, admin actions. Retained 90 days for debugging + security.
Data we don't collect
- We don't use tracking pixels from third-party ad networks.
- We don't sell or rent customer data, ever.
- We don't add you to marketing lists without explicit opt-in (your Profile page controls this).
- We don't read mailbox contents (mailbox content is encrypted on the email provider's infrastructure).
Security practices
- TLS 1.3 enforced on all customer + admin traffic. HSTS preload-ready.
- Bcrypt password hashing (cost factor 10). Passwords are re-hashed on the next successful login if the cost factor changes.
- CSRF tokens on every state-changing form.
- Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, Referrer-Policy headers on every response.
- Webhook signatures verified (HMAC-SHA256) on every Stripe and registrar callback.
- OAuth 2.0 / OIDC for Google + Microsoft sign-in — we never see your provider password.
- All admin actions logged to an immutable event log with customer + operator attribution.
Compliance
- ICANN-accredited registration via OpenSRS / Tucows.
- GDPR-compliant data handling — EU customers can request data export or deletion via hello@modusdom.com.
- CCPA-compliant — California residents can opt out of any data sale (we don't sell, but the right exists).
- PCI-DSS — payment processing entirely on Stripe; we never touch cardholder data.
- SOC 2 (via Stripe + OpenSRS) — our payment and registry partners are SOC 2 Type II certified.
Operational commitments
- Customer support response — under 24 hours for any email, usually under 2 hours during US business days.
- Domain ownership — every domain is registered in your name. Transferring out takes one click plus an EPP code.
- Renewal notifications — 30 days and 7 days before expiry, by email.
- Pricing transparency — year-one and year-two prices are always identical.
- No lock-in tricks — no fees for canceling, transferring, or downgrading.
Incident response
If we discover a security incident affecting your account, we'll notify you within 72 hours per GDPR Article 33. We publish summary post-mortems for any incident that affects more than 1% of customers, within 30 days of resolution.
Reporting a vulnerability
Found a security issue? Email security@modusdom.com. We respond within 24 hours and credit responsible disclosure in our security acknowledgments. No bug bounty (yet) — but we appreciate the report.