Last modified: March 30, 2020
We work hard to protect our systems and you from unauthorized access to or unauthorized alteration, disclosure or destruction of Personal Data we hold. Specifically, we encrypt many of our services to provide you secure access to our site and your information. We also offer you the ability to enable two-step verification for access to your account. We review our Personal Data collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems. We restrict access to Personal Data to our employees, contractors, and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
We intend to maintain our services in a manner that protects Personal Data from accidental or malicious destruction. Because of this, after you delete Personal Data from our services, we may retain your Personal Data for a period of time sufficient to investigate suspected incidents of unauthorized access to your account, malicious destruction of data, legal disputes or instances of abuse.
Information We Collect In Providing Our Services To You
We collect Personal Data we need in order to provide you the services you have purchased from us. To make purchases, we will ask you for your payment information, such as your credit card information required by payment processing services to transact your payments to us.
Domain registration is the service of authoritatively and securely establishing you as the registrant of a domain name. In order to do so, we must inherently be able to identify and confirm you as the registrant of any domain name you have registered with us, and we must have your contact information in order to notify you of expirations and to confirm changes to your domain registration such as, renewals, transfers, or updates to your contact information. To protect against identity fraud we may contact you to confirm the accuracy of information you have provided to us, and we require that you provide redundant means of contacting you, such as by email, telephone or postal mail, to confirm that your contact information is accurate, and/or to investigate whether your contact details may have been subject to misappropriation or identity fraud. The provision of inaccurate or false contact information to us may result in the suspension or cancellation of your services.
We also collect personal data we are contractually required to collect by the Internet Corporation for Assigned Names and Numbers (“ICANN”), other domain name registry providers, credit card and payment providers, and third-parties that provide services, such as email and web hosting, that we offer to you in conjunction with our domain registration services. The applicable TLD registry, whether under the authority of ICANN or the applicable ccTLD manager, may impose additional or different data retention requirements as a condition of our being able to offer domain registration services to you. In order to safeguard your domain name registration in the event of catastrophic failure or other inability to continue to provide domain name registration services to you, we are required to use an ICANN-accredited data escrow provider, so that your services can be transferred to another provider.
When you register your domain name, we will identify your domain name as having been registered through us in public WHOIS data. If you desire to be publicly identified as the registrant of your domain name, we provide the option of having your personal data included in the public WHOIS data. If you are an organizational registrant, the name of your organization will be included in the public WHOIS data.
By default, we will provide users of our WHOIS system the ability to use a web form to contact you about your domain name. We will collect and forward information submitted by users of the web form to your email address. We will maintain a temporary log of metadata about use of the web form by visitors for diagnostic and abuse monitoring purposes, such as in the event we are unable to forward information to the email address you have provided to us.
When you provide contact information to us for registration, transfer, or updates to your registration data, you warrant that such information is accurate. For any domain name for which you are acting as agent for an organization or other person, you warrant that you have the express consent of such organization or person to provide us with the registration data. If you are unable to provide such consent, or if such party should indicate no such consent exists, we may suspend, cancel or otherwise discontinue your services.
When you select us to configure third party services for use with your domain name, we will ask you for access credentials to those third party services for the sole purpose of performing the configuration of them which you requested us to perform. We will not store or retain your access credentials for longer than necessary to perform such third party service configuration.
At all times, you may access your personal data through your account interface in order to update or correct your personal data. We will maintain your data only as long as needed in order to perform our services to you or to enforce any contractual dispute which may arise under our agreement to provide services.
General Web Access
We may collect Personal Data about our services that you use and how you use them. We automatically collect and store certain information in server logs. This server log data may include: your Internet protocol (“IP”) address; details of how you used our service, such as your search queries; device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL; cookies that may uniquely identify your browser or your account; device-specific information (such as your hardware model, operating system version, and mobile network information including phone number);
Other Contact With Us and Abuse Procedures
When you contact us, we may keep a record of your communication to help solve any issues you might be facing. In the event your account has been subject to identity fraud or abuse, we will retain all such reports and account information necessary to investigate such circumstances.
We do not share Personal Data with companies, organizations and individuals outside of our organization unless one of the following circumstances applies:
With your consent: We will share Personal Data with companies, organizations or individuals outside of our company when we have your express consent to do so.
For legal reasons: We will share Personal Data with other companies, organizations or individuals if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to: meet any applicable law, regulation, legal process or enforceable governmental request; enforce applicable Terms of Service, including investigation of potential violations; detect, prevent, or otherwise address fraud, security or technical issues; protect against harm to the rights, property or safety of us, our users or the public as required or permitted by law.
We will retain all contact information and data associated with any threat of legal action against us, and we will use such information to initiate or defend against any legal action associated with such threats. Likewise, if you we cancel your services for violations of our Terms of Service or for any abusive or unlawful activity, we will retain such information as may be necessary to prevent or block your use of our services in the future.
We will comply with applicable law and domain dispute policies concerning the disclosure of your information to third parties who may request it for legitimate purposes.
The provisions of this section on Legitimate Access shall not prevent us from our own investigation and/or reporting of violations of our terms of service, abuse of our services, attacks on our systems, identify fraud, theft of services, or other unlawful or abusive activity, whether we become aware of such circumstances on our own, or whether it is reported to us by a third party. We will forward third party abuse reports to you to address claims of unlawful or abusive activity associated with your account except in circumstances where it is clear to us that doing so would further advance or promote such activity.