Privacy Policy

1. Introduction and scope

EnsureDomains ("EnsureDomains," "we," "us," or "our") operates the website at ensuredomains.com and the related storefront and customer-support services through which you can purchase domain names, hosting, professional email, SSL certificates, website security, website builders, and marketing products (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit our website, browse or place an order through our storefront, or contact us for support.

We are an authorized reseller of GoDaddy products. That means we present, sell, and support these products under our own brand, but the underlying products themselves — domain registration, hosting infrastructure, email, certificate issuance, and the related billing and payment processing — are provisioned and operated by GoDaddy, its ICANN-accredited registrar and registry partners, payment processors, and other third parties. We act as an intermediary and storefront between you and those providers.

Because of this structure, much of the personal information needed to deliver the products is collected and processed directly by GoDaddy, the registrar, the registry, and the payment processor under their own privacy policies. Those policies apply to that data in addition to this one, and they — not we — control how that data is handled within their systems. We encourage you to review GoDaddy's privacy notice and the applicable registrar and registry policies before you purchase a product. We are not responsible for the independent privacy practices of these third parties.

Who is the data controller

For the personal information we collect through our website, storefront, and support channels, the data controller is [Legal Entity Name], located at [Registered business address], [State/Country]. Where GoDaddy, the registrar, the registry, or a payment processor determines the purposes and means of processing for the data they collect to operate a product, that party is the controller (or an independent controller) for that processing. This Privacy Policy describes our practices; it does not and cannot describe in full the practices of those independent third parties.

In this Policy, "personal information" and "personal data" mean information that identifies, relates to, or could reasonably be linked to an identified or identifiable individual, as those terms are defined under applicable law, including the EU and UK General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA").

2. Information we collect

We collect personal information in several ways: information you provide directly, information collected automatically when you use our website, and information we receive from the providers who fulfil your orders. The categories below describe what we collect.

Information you provide to us

• Identity and contact details — your name, email address, postal address, and telephone number.
• Billing and account details — billing name and address, the products you purchase, transaction history, and any account identifiers used to manage your orders.
• Domain registrant contact data — the registrant, administrative, technical, and billing contact details required to register a domain name. ICANN policy and the registry require accurate, complete contact information for each domain; we collect this so it can be passed to the registrar and registry to register and maintain the domain.
• Order details — the specific products, plans, terms, add-ons, and configuration options you select.
• Support communications — the content of messages, emails, chat sessions, and other communications you send to us, including any attachments and the details of your request.
• Marketing preferences — your choices about whether and how you would like to receive marketing communications from us.

Payment information

When you pay for a product, your card or other payment details are collected and processed by the GoDaddy-powered payment processor and its payment partners. We do not collect or store full payment card numbers, and we do not process card transactions ourselves. We may receive limited, non-sensitive transaction confirmation data — such as the fact that a payment succeeded or failed, the last four digits of a card, the card brand, or an order reference — so that we can confirm and support your order. Your payment data is handled under the payment processor's and GoDaddy's privacy and security policies.

Information we collect automatically

When you visit our website, we and our service providers automatically collect certain technical and usage information through cookies, server logs, and similar technologies.

• Device and connection data — IP address, browser type and version, operating system, device type, language settings, and similar technical identifiers.
• Usage data — the pages and products you view, the dates and times of your visits, the searches you run, the links you click, the referring URL or source that brought you to us, and how you navigate the storefront.
• Cookies and similar technologies — small data files and identifiers stored on or read from your device, as described in the Cookies section below.

Information we receive from third parties

To fulfil and support your orders, we receive information from the providers who operate the underlying products. This includes order, provisioning, and status updates from GoDaddy and the registrar; the registration, renewal, expiry, and status information for your domains from the registrar and registry; and fraud-prevention, verification, or analytics signals from our service providers. We may combine this information with the data you provide so that we can administer your account and provide support.

3. How we use your information

We use personal information for the purposes described below. Where the GDPR applies, the lawful basis for each use is identified so you understand why we process your data.

• To provide and provision the products you order — we pass your order and registrant details to GoDaddy, the registrar, the registry, and other providers so the products can be registered, set up, renewed, and managed. Lawful basis: performance of a contract with you (and steps taken at your request before entering into it).
• To process payments — we facilitate billing and pass the necessary information to the GoDaddy-powered payment processor to take payment. Lawful basis: performance of a contract; legal obligation (for tax and accounting records).
• To provide customer support — we use your contact details and the content of your communications to respond to your questions and resolve issues. Lawful basis: performance of a contract; our legitimate interests in supporting our customers.
• For account security and fraud prevention — we monitor for, investigate, and help prevent fraudulent, abusive, or unauthorized activity. Lawful basis: our legitimate interests in keeping the Services and our customers secure; legal obligation where applicable.
• To comply with legal, registry, and ICANN obligations — we process and transmit registrant data and retain records as required by ICANN policy, registry requirements, and applicable law. Lawful basis: legal obligation; performance of a contract; our legitimate interests in meeting industry requirements.
• To operate and improve our storefront — we analyze usage to maintain, troubleshoot, secure, and improve our website and Services. Lawful basis: our legitimate interests in running and improving our business; consent where required for non-essential analytics.
• To send service communications — we send transactional and service messages, such as order confirmations, renewal reminders, security notices, and policy updates. Lawful basis: performance of a contract; our legitimate interests; legal obligation where applicable.
• To send marketing communications — where you have opted in or where otherwise permitted by law, we send promotional messages about our products and offers. Lawful basis: consent where required, otherwise our legitimate interests, and you can opt out at any time.

Where we rely on legitimate interests, we balance those interests against your rights and freedoms and do not use your data where those interests are overridden. You can object to processing based on legitimate interests as described in the Your privacy rights section.

4. Cookies and similar technologies

We use cookies and similar technologies (such as pixels, local storage, and software development kits) to operate our website, remember your preferences, and understand how the storefront is used. Cookies are small files placed on your device; similar technologies perform comparable functions.

Types of cookies we use

• Essential cookies — required for the website to function, such as maintaining your session, securing the site, and remembering items in a checkout flow. These cannot be switched off in our systems without breaking core functionality.
• Preference cookies — remember choices you make, such as language or display settings, to provide a more personalized experience.
• Analytics cookies — help us understand how visitors interact with the storefront, which pages are popular, and where we can improve. These are non-essential and, where required by law, are set only with your consent.

How you can control cookies

Where required by applicable law, we ask for your consent before setting non-essential cookies, and you can change your choices at any time through our cookie or consent tool. You can also control cookies through your browser settings — most browsers let you block or delete cookies and warn you before they are set. Blocking some cookies may affect how the website works. To learn more about cookies and how to manage them, see your browser's help documentation.

5. How we share information

We share personal information only as described in this Policy. We do not sell your personal information. The categories of recipients are:

• Service providers and subprocessors — including GoDaddy, the ICANN-accredited registrar, hosting and email providers, certificate authorities, the payment processor, and analytics, security, and support vendors who process data on our behalf or in connection with provisioning and billing the products you buy.
• Domain registries, the registrar, and ICANN — we transmit registrant contact data to the registrar and the relevant registry to register and maintain your domains, and this data may be published in the public WHOIS/RDAP directory as required by ICANN policy and applicable redaction rules, as described in the next section.
• Legal, safety, and compliance recipients — courts, regulators, law-enforcement bodies, ICANN, registries, and other parties where we believe in good faith that disclosure is necessary to comply with law, respond to lawful requests, enforce our agreements, or protect the rights, property, or safety of EnsureDomains, our customers, or others.
• Business-transfer recipients — in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our business or assets, personal information may be transferred to the parties involved, subject to this Policy or a successor policy.
• With your consent — we may share your information with other parties when you direct or authorize us to do so.

We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising in the sense those terms are defined under the CCPA/CPRA.

6. Domain registration and WHOIS data

Registering a domain name involves industry obligations that are distinct from ordinary e-commerce. When you register, renew, or transfer a domain, the registrant, administrative, technical, and billing contact details you provide are collected so the domain can be registered and maintained. ICANN and the relevant registry require this contact data to be accurate and complete, and it is transmitted to the ICANN-accredited registrar and the registry that operates the top-level domain.

Subject to ICANN policy and applicable data-redaction requirements, some registrant contact data may be published in, or made available through, the public WHOIS and Registration Data Access Protocol (RDAP) directories. The extent of publication depends on the registry, the type of domain, and applicable law; many fields are redacted or withheld from public display in line with current ICANN policy and data-protection requirements.

A privacy or proxy service may be available on eligible domains, which can replace certain public contact details with the details of the privacy service so that your personal information is not displayed in the public directory. Availability depends on the registry and the specific top-level domain, and additional terms may apply.

Because domain registration is operated by the registrar and registry, the collection, transmission, publication, retention, and redaction of registrant and WHOIS data are governed by the registrar's and registry's policies and by ICANN requirements, in addition to this Policy. We are not responsible for, and do not control, how the registrar, the registry, or ICANN process or publish registrant data within their systems.

7. Third-party services and links

Our website and Services include products operated by, and links to websites and resources of, third parties — including GoDaddy, the registrar, the registry, the payment processor, and other providers. When you follow a link to, purchase, or use a third-party product or website, your information is collected and handled under that third party's own privacy policy and terms, not this one.

We do not control, and are not responsible for, the privacy practices, content, security, or data handling of these third parties. We encourage you to read the privacy policies of any third-party service before you provide personal information to it or rely on it. References to third-party products on our storefront do not imply that we endorse or are responsible for those parties' privacy practices.

8. Data retention

We retain personal information for as long as it is needed for the purposes described in this Policy. In practice, that means we keep your information while you have an active account or order with us, and afterward as needed to:

• Provide and support the Services and administer your orders and renewals.
• Comply with our legal, registry, ICANN, accounting, and tax obligations, which may require records to be retained for set periods.
• Resolve disputes, respond to claims, and enforce our agreements.
• Maintain reasonable records for security, fraud-prevention, and business-continuity purposes.

When personal information is no longer needed for these purposes, we delete it or anonymize it so it can no longer be associated with you. Note that registrant and WHOIS data held by the registrar and registry is retained under their policies and ICANN requirements, which may differ from our own retention periods.

9. Data security

We use reasonable technical and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, and disclosure. These measures may include encryption in transit, access controls, and limiting access to personal information to those who need it to operate the Services.

However, no method of transmission over the internet and no method of electronic storage is completely secure, and we cannot guarantee absolute security. The security of the underlying products is also subject to the security measures of GoDaddy, the registrar, the registry, and the payment processor.

You play an important role in keeping your information secure. You are responsible for keeping your account credentials confidential, using strong and unique passwords, enabling additional security features where available, and notifying us promptly if you believe your account or any credentials have been compromised.

10. International data transfers

We and our providers — including GoDaddy, the registrar, the registry, and the payment processor — operate internationally. As a result, your personal information may be transferred to, stored in, and processed in the United States and other countries whose data-protection laws may differ from those in your country of residence.

Where we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland to a country that has not been recognized as providing an adequate level of protection, we rely on appropriate safeguards required by applicable law, such as the European Commission's Standard Contractual Clauses (and the UK Addendum or International Data Transfer Agreement where applicable), together with any supplementary measures that may be needed. You may contact us at privacy@ensuredomains.com to request more information about the safeguards we use.

11. Your privacy rights

Depending on where you live and applicable law, you have rights over your personal information. We honor the rights granted to you by the laws that apply to you. To exercise a right, contact us at privacy@ensuredomains.com. Note that some data — such as registrant and WHOIS data held by the registrar or registry — is controlled by those parties, and we may direct or refer your request to them where appropriate.

EEA, UK, and Switzerland (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you may have the right to:

• Access — obtain confirmation of whether we process your personal data and a copy of it.
• Rectification — have inaccurate or incomplete personal data corrected.
• Erasure — request deletion of your personal data in certain circumstances ('right to be forgotten').
• Restriction — request that we limit how we process your personal data in certain circumstances.
• Portability — receive certain personal data in a structured, commonly used, machine-readable format and, where technically feasible, have it transmitted to another controller.
• Objection — object to processing based on our legitimate interests, and object at any time to processing for direct-marketing purposes.
• Withdraw consent — where we rely on consent, withdraw it at any time without affecting the lawfulness of processing before withdrawal.
• Lodge a complaint — complain to your local data-protection supervisory authority if you believe our processing infringes applicable law.

We will respond to your request within the time required by applicable law. We may need to verify your identity before acting on a request, and certain rights are subject to conditions and exceptions under the GDPR.

United States (CCPA/CPRA and similar state laws)

If you are a resident of California or another US state with a comprehensive privacy law, you may have the right to:

• Know and access — request the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of recipients.
• Delete — request deletion of personal information we have collected about you, subject to legal exceptions.
• Correct — request correction of inaccurate personal information we maintain about you.
• Opt out of "sale" or "sharing" — we do not sell your personal information and do not "share" it for cross-context behavioral advertising as those terms are defined by law, so there is nothing to opt out of, but you retain the right to direct us not to.
• Non-discrimination — exercise your rights without receiving discriminatory treatment in the price or quality of the Services.

To submit a request, email privacy@ensuredomains.com. We will take steps to verify your identity before responding, which may include confirming information we already hold about you. You may use an authorized agent to submit a request on your behalf, in which case we may require proof of the agent's authorization and verification of your identity. We will respond within the timeframes required by applicable law (generally 45 days, extendable where permitted), and where the law provides a right to appeal a decision, we will tell you how to do so.

12. Children's privacy

The Services are intended for businesses and adults and are not directed to children. We do not knowingly collect personal information from children under 16 (or the minimum age required by applicable law in your jurisdiction). If you are under that age, please do not use the Services or provide any personal information.

If we learn that we have collected personal information from a child without appropriate consent, we will take reasonable steps to delete it. If you believe a child has provided us with personal information, please contact us at privacy@ensuredomains.com so we can address it.

13. Marketing communications

Where permitted, we may send you marketing communications about our products, offers, and news. You can opt out of marketing at any time by following the unsubscribe link in our marketing emails, adjusting your preferences where that option is provided, or contacting us at support@ensuredomains.com. We will action your request promptly.

Opting out of marketing does not stop service and transactional messages, which are not marketing. These include order confirmations, renewal and expiry reminders, security and account notices, billing messages, and updates to our policies or terms. We need to send these to operate the Services and meet our obligations to you.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the products we offer, or legal requirements. When we do, we will revise the 'Last updated' date at the top of this Policy and post the updated version on our website.

If we make material changes, we will provide additional notice as required by applicable law, such as by a prominent notice on our website or by contacting you directly. We encourage you to review this Policy periodically so you stay informed about how we handle your information. Your continued use of the Services after an update takes effect indicates your acceptance of the revised Policy, to the extent permitted by law.

15. Contact us and data controller

If you have questions, requests, or complaints about this Privacy Policy or how we handle your personal information, please contact us. The data controller responsible for your personal information is:

• [Legal Entity Name]
• [Registered business address], [State/Country]
• Privacy enquiries: privacy@ensuredomains.com
• General support: support@ensuredomains.com

If you are in the European Economic Area or the United Kingdom, you may contact us using the details above with any privacy questions or to exercise your rights, and you may also lodge a complaint with your local supervisory authority. Where we are required to designate an EU or UK representative under the GDPR, our representative is [EU/UK Representative name and contact details, if applicable], who can be contacted on data-protection matters relating to individuals in those regions.

We will do our best to resolve any concern you raise. Because the underlying products are operated by GoDaddy, the registrar, the registry, and the payment processor under their own privacy policies, some requests may need to be directed to those parties, and we will help point you to the right place where we can.