Privacy Policy

We are committed to protecting your privacy. This policy explains what data we collect when you use our SSL certificate platform and how we use it responsibly.

Last Updated: March 11, 2026  |  Effective Date: March 11, 2026

1. Introduction

SSLs For Free ("we," "us," or "our") is an SSL certificate platform operated by DigitalHubz. We provide free and paid SSL/TLS certificates, domain validation services, SSL management tools, and website security resources to website owners, developers, and businesses worldwide.

This Privacy Policy describes how we collect, use, store, disclose, and protect information when you visit sslsforfree.com (the "Website") or use any of our SSL-related services (collectively, the "Services"). It also explains your rights regarding your personal information and how you can exercise them.

By accessing our Website or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, you should discontinue use of our Services immediately.

This policy applies to all users globally. Where applicable, we comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant data protection laws.

2. Information We Collect

We collect information in the following categories when you interact with our platform:

2.1 Information You Provide Directly

  • Account Information: Name, email address, and password when you register for an account.
  • Contact Form Data: Name, email address, and the content of messages you send us via our contact form.
  • Payment Information: For paid SSL plans, billing details (processed securely by our payment partners — we do not store full card numbers).
  • Support Requests: Communications you send to our support team, including technical details you voluntarily provide.

2.2 Automatically Collected Technical Data

  • Log Data: IP address, browser type and version, operating system, referring URLs, pages visited, and timestamps.
  • Device Information: Device type, screen resolution, and browser language preferences.
  • Usage Data: Interactions with our SSL tools, which features you use, and how long you use them.
  • Cookies and Tracking Data: See our Cookie Policy for full details.

2.3 SSL Certificate and Domain Data

See Section 3 below for a detailed description of certificate-specific data we collect as part of our SSL issuance process.

3. Domain and Certificate Data

Because our core service involves issuing SSL/TLS certificates for domains, we necessarily collect and process specific technical data as part of that process:

  • Domain Names: The fully qualified domain names (FQDNs) for which you request SSL certificates, including subdomains and wildcard entries.
  • Certificate Signing Requests (CSRs): The CSR data you generate or submit, which may contain organizational details, common name, and public key information.
  • Domain Validation Records: DNS CNAME records, HTTP file tokens, or email confirmation details used to verify your ownership of the domain before a certificate is issued.
  • Certificate Metadata: Serial numbers, validity periods, issuance dates, expiry dates, and revocation status of certificates we issue or manage for you.
  • Private Keys (User-Side Only): We strongly recommend that private keys are generated and stored on your own server. Where our tools assist with key generation, private key material is processed transiently and is not retained on our servers after delivery to you.
Important: SSL certificate details, including domain names and public keys, are published in public Certificate Transparency (CT) logs as required by industry standards. This is not specific to our platform — it applies to all publicly trusted SSL certificates issued globally.

4. How We Use Information

We use the data we collect for the following purposes:

  • SSL Certificate Issuance: To process your domain validation requests and issue SSL/TLS certificates through our partnered Certificate Authorities (CAs).
  • Domain Ownership Verification: To confirm that you have legitimate control over the domain(s) for which you are requesting a certificate.
  • Account Management: To create, maintain, and secure your user account, and to provide you with access to your certificate history and management tools.
  • Service Communication: To send certificate expiry reminders, renewal notices, validation status updates, and important security alerts related to your certificates.
  • Customer Support: To respond to your inquiries, troubleshoot technical issues, and provide assistance with SSL installation or configuration.
  • Service Improvement: To analyze how users interact with our platform in order to improve performance, usability, and feature offerings.
  • Security and Fraud Prevention: To detect, investigate, and prevent abuse of our certificate issuance process, unauthorized account access, and fraudulent domain validation attempts.
  • Legal Compliance: To comply with applicable laws, regulations, court orders, and obligations imposed by Certificate Authority/Browser (CA/Browser) Forum Baseline Requirements.
  • Billing: For paid plans, to process payments, generate invoices, and manage subscription renewals.

We process your data only where we have a lawful basis to do so, including contractual necessity, legitimate interests, your consent, or legal obligation.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate our Website, remember your preferences, and analyze platform usage. Cookies are small text files stored on your device when you visit our Website.

The categories of cookies we use include:

  • Essential Cookies: Required for core site functionality such as session management and form security (CSRF tokens).
  • Analytics Cookies: Used to understand how visitors interact with our platform (e.g., Google Analytics).
  • Performance Cookies: Used to optimize page load times and platform responsiveness.

You can control cookie preferences through your browser settings or our cookie consent banner. For a complete breakdown of every cookie we use, please refer to our Cookie Policy.

6. Data Security

Protecting your data is central to our business — we are an SSL security company, after all. We implement the following technical and organizational measures to safeguard your information:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or TLS 1.3.
  • Encryption at Rest: Sensitive data stored in our databases is encrypted at rest using industry-standard encryption algorithms.
  • Access Controls: Access to user data is restricted to authorized personnel on a strict need-to-know basis, enforced through role-based access control.
  • Secure Infrastructure: Our platform is hosted on infrastructure with physical and network security controls, including firewalls, intrusion detection systems, and DDoS protection.
  • Regular Security Audits: We conduct periodic security reviews and vulnerability assessments of our platform.
  • Password Security: User account passwords are stored using strong one-way hashing algorithms (bcrypt) and are never stored in plain text.

While we take every reasonable precaution, no method of electronic transmission or storage is 100% secure. In the event of a data breach that poses a risk to your rights, we will notify affected users and relevant authorities as required by applicable law.

7. Third-Party Services

To deliver our SSL services, we work with the following categories of third parties who may process your data:

  • Certificate Authorities (CAs): We partner with trusted, publicly trusted CAs (such as Let's Encrypt) to issue SSL/TLS certificates. Your domain name and validation data are shared with these CAs as required by the certificate issuance process. CAs are governed by the CA/Browser Forum Baseline Requirements and their own privacy policies.
  • Analytics Providers: We use services such as Google Analytics to analyze Website traffic. These providers may set cookies and collect anonymized usage data. Google's privacy policy governs their data use.
  • Payment Processors: For paid plans, payment data is processed by PCI-DSS-compliant payment providers. We do not store full payment card details on our systems.
  • Cloud Infrastructure: Our platform is hosted on third-party cloud infrastructure providers. These providers are contractually bound to data processing agreements that ensure appropriate data protection measures.
  • Email Service Providers: We use transactional email providers to deliver certificate issuance confirmations, expiry notices, and support responses.

We do not sell your personal information to third parties for their marketing purposes. Any third-party data sharing is governed by data processing agreements and limited to what is necessary to deliver our Services.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to our legal and contractual obligations (e.g., we may be required to retain certificate issuance records for compliance purposes).
  • Right to Restriction: Request that we limit the processing of your personal data under certain circumstances.
  • Right to Data Portability: Request that we transfer your personal data to you or another service provider in a structured, machine-readable format.
  • Right to Object: Object to our processing of your personal data where it is based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • CCPA Rights (California Residents): California residents have the right to know, delete, and opt out of the sale of personal information. We do not sell personal information as defined by the CCPA.

To exercise any of these rights, please contact us at legal@sslsforfree.com. We will respond to verified requests within 30 days.

9. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes described in this policy, or as required by law:

  • Account Data: Retained for the duration of your active account plus a reasonable period after account closure to resolve any outstanding issues or disputes.
  • Certificate Issuance Records: Retained for a minimum of 7 years as required by CA/Browser Forum Baseline Requirements and applicable industry standards.
  • Domain Validation Evidence: Retained for the lifetime of the certificate plus a minimum of 7 years, as required by CA/Browser Forum audit standards.
  • Server Log Data: Retained for up to 90 days for security and diagnostic purposes, then automatically deleted.
  • Support Communications: Retained for up to 3 years to maintain service quality and resolve recurring issues.
  • Financial Records: Retained for a minimum of 7 years for accounting and tax compliance.

After applicable retention periods expire, data is securely deleted or anonymized.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, or data practices. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page.
  • Notify registered users via email where the changes are significant.
  • Display a prominent notice on our Website for a period following the update.

Your continued use of our Services after changes become effective constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically.

11. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

If you are located in the European Economic Area and have concerns about our data practices that we have not resolved, you have the right to lodge a complaint with your local data protection supervisory authority.