Legal
Privacy Policy
Last updated July 17, 2026. The short version: we collect what running a registrar requires, share it only where the service demands, and sell it to no one.
What we collect
Account data — your email address, password (stored hashed), and security settings like two-factor enrollment and trusted devices.
Registrant contact data — name, postal address, email, and phone for domain registrations. ICANN and the registries require this; it's the one category we can't make optional.
Order and payment data — what you bought and when. Card payments are processed by Stripe; your card number never touches our servers. We keep only the card's last four digits and expiry so you can recognise it.
Operational logs — sign-in events with IP addresses (that's how we can alert you to a login from somewhere new), support tickets, and standard web server logs, kept on a rolling retention.
What we don't do
No selling of personal data, no advertising trackers, no third-party analytics cookies. The only cookies we set are the essential ones: your session and CSRF protection. Your theme preference lives in your own browser's storage and never leaves it.
WHOIS privacy
WHOIS privacy is free and on by default for every eligible domain: public WHOIS/RDAP shows proxy contact details instead of yours. Registries and escrow agents still receive the real data — that's a condition of registration — and we disclose it when a legally valid request compels us to.
Who we share with
Only what each party needs to deliver the service: our upstream registrar and the relevant registries (registrant data, as required to register a domain), ICANN-mandated data escrow, Stripe (payments), our email delivery provider (the notices we send you), and our cloud infrastructure and error-monitoring providers (operational data). Each is bound to use the data only for the service they provide to us.
How long we keep it
Account and registration records: for the life of your account plus what registrar accreditation requires (generally two years past the registration's life). Operational logs: rolling weeks, not years. Closed-account data is deleted or anonymised once those obligations lapse.
Your choices and rights
You can see and edit your contact data in the panel, export your DNS zones, and turn off any non-essential email. Depending on where you live (GDPR, CCPA and friends) you may have rights to access, correct, delete, or port your data — email us and a person will handle it. You can also complain to your local data-protection authority, though we'd rather you talk to us first.
Contact
Privacy questions and requests: support@nameyarn.com.