Privacy Policy

1. Privacy Overview

Unregistry ("we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our domain registration services, Web3 domain platform, APIs, and related services.

We are committed to transparency and compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

                Key Privacy Principles
                Transparency: We clearly explain what data we collect and why
Choice: You control how your information is used
Security: We protect your data with industry-standard measures
Compliance: We follow all applicable privacy laws and regulations

            

2. Information We Collect

2.1 Personal Information

We collect information that identifies, relates to, or could reasonably be linked to you:

Account Information: Name, email address, phone number, billing address
Payment Information: Credit card details, billing information (processed securely by third-party providers)
Domain Registration Data: WHOIS information as required by domain registration policies
Communication Records: Support tickets, emails, chat logs with our customer service
Identity Verification: Documentation for account verification when required

2.2 Technical Information

Usage Data: How you interact with our services, features used, time spent
Device Information: IP address, browser type, operating system, device identifiers
Log Data: Server logs, API calls, error reports, performance metrics
Analytics Data: Website traffic patterns, user behavior, conversion metrics

2.3 Web3 and Blockchain Data

Wallet Information: Public wallet addresses, transaction history
NFT Data: Domain NFT ownership, transfer records, metadata
Blockchain Transactions: On-chain activities related to .u domain management
FIO Protocol Data: @u handle registrations and usage

3. How We Use Information

We use your information for the following purposes:

3.1 Service Provision

Processing domain registrations and renewals
Managing your account and providing customer support
Facilitating payments and billing
Maintaining WHOIS records as required by domain policies
Providing API access and technical services

3.2 Business Operations

Improving our services and developing new features
Analyzing usage patterns and service performance
Preventing fraud and ensuring security
Complying with legal obligations and industry requirements
Communicating important service updates and changes

3.3 Marketing (With Consent)

Sending promotional emails about our services
Providing personalized recommendations
Conducting market research and surveys
Advertising our services on third-party platforms

4. Information Sharing

We share your information only in the following circumstances:

4.1 Service Providers

We work with trusted third-party service providers who help us operate our business:

Payment Processors: For secure payment processing
Cloud Infrastructure: For hosting and data storage
Analytics Providers: For website and service analytics
Security Services: For fraud prevention and security monitoring
Communication Platforms: For customer support and notifications

4.2 Legal Requirements

WHOIS database publication (as required for domain registrations)
Compliance with court orders and legal processes
Response to law enforcement requests
Protection of our rights and property
Prevention of fraud or illegal activities

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice of any such transfer.

5. Data Security

We implement comprehensive security measures to protect your information:

5.1 Technical Safeguards

Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
Access Controls: Role-based access with multi-factor authentication
Network Security: Firewalls, intrusion detection, and monitoring systems
Regular Updates: Security patches and software updates
Vulnerability Testing: Regular security assessments and penetration testing

5.2 Organizational Measures

Employee training on data protection and security
Background checks for personnel with data access
Incident response procedures and breach notification protocols
Regular security policy reviews and updates
Third-party security assessments and compliance audits

Security Incident Response

In the unlikely event of a data breach, we will notify affected users within 72 hours and take immediate steps to contain and remedy the situation. We maintain cyber insurance and work with leading security firms to ensure rapid response capabilities.

6. Cookies and Tracking

We use cookies and similar technologies to enhance your experience:

6.1 Types of Cookies

Cookie Type	Purpose	Duration
Essential	Required for basic site functionality	Session
Performance	Analytics and site optimization	2 years
Functional	Remember preferences and settings	1 year
Targeting	Personalized advertising (with consent)	1 year

6.2 Cookie Management

You can control cookies through your browser settings or our cookie preference center. Note that disabling certain cookies may impact site functionality.

7. Your Privacy Rights

You have the following rights regarding your personal information:

7.1 Universal Rights

Access: Request a copy of your personal data
Correction: Update or correct inaccurate information
Deletion: Request deletion of your data (subject to legal requirements)
Portability: Receive your data in a machine-readable format
Opt-out: Unsubscribe from marketing communications

7.2 GDPR Rights (EU Residents)

Lawful Basis: Information about why we process your data
Restriction: Limit how we use your information
Objection: Object to certain types of processing
Automated Decision-Making: Opt-out of automated profiling
Data Protection Officer: Contact our DPO with concerns

7.3 CCPA Rights (California Residents)

Know: Learn what personal information we collect and how it's used
Delete: Request deletion of personal information
Opt-out: Opt-out of the sale of personal information
Non-discrimination: Equal service regardless of privacy choices

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected] or use our online privacy request form. We will respond within 30 days (or as required by applicable law).

8. Data Retention

We retain your information for as long as necessary to provide services and comply with legal obligations:

8.1 Retention Periods

Account Data: Duration of account plus 7 years for tax/legal purposes
Domain Registration Data: As required by registry policies (typically 2 years after expiration)
Payment Records: 7 years for accounting and compliance purposes
Support Communications: 3 years for quality assurance and training
Web3/Blockchain Data: Indefinitely (immutable blockchain records)
Analytics Data: 2 years in aggregated, anonymized form

8.2 Secure Disposal

When data is no longer needed, we securely delete or anonymize it using industry-standard methods. Blockchain data cannot be deleted but does not contain personally identifiable information.

12. Web3 and Blockchain Privacy

Our Web3 and blockchain services have unique privacy considerations:

12.1 Blockchain Transparency

Blockchain transactions are public and immutable. While we don't publish personal information on-chain, your wallet address and transaction history may be publicly visible.

12.2 NFT Privacy

Domain NFTs contain metadata but no personal information
NFT ownership is publicly visible on the blockchain
Transfer history is permanently recorded
We don't link wallet addresses to personal identities unless required

12.3 @u Handle System

@u handles are managed through the FIO Protocol
Handle ownership is recorded on-chain
We don't control or have access to FIO Protocol data
Handle privacy is governed by FIO Protocol policies

13. GDPR Compliance

For users in the European Union, we provide additional protections:

13.1 Legal Basis for Processing

Contract: Domain registration and service provision
Legitimate Interest: Service improvement and security
Legal Obligation: WHOIS publication and regulatory compliance
Consent: Marketing communications and optional features

13.2 Data Protection Impact Assessments

We conduct regular privacy impact assessments for new services and data processing activities, especially those involving Web3 and blockchain technologies.

15. Policy Changes

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of material changes by:

Email notification to registered users
Prominent notice on our website
In-app notifications for significant changes
30-day advance notice for material changes

Continued use of our services after changes become effective constitutes acceptance of the updated policy.

16. Contact Information

For privacy-related questions or concerns, please contact us:

16.1 Privacy Contacts

Privacy Officer: [email protected]
Data Protection Officer (EU): [email protected]
CCPA Requests: [email protected]
General Support: [email protected]
Mailing Address: [To be specified]

16.2 Response Times

General Inquiries: 5 business days
GDPR Requests: 30 days (extendable to 60 days for complex requests)
CCPA Requests: 45 days (extendable to 90 days)
Data Breach Notifications: Within 72 hours

Supervisory Authority

If you're not satisfied with our response to privacy concerns, EU residents may contact their local data protection authority. California residents may contact the California Attorney General's office.

Table of Contents