Web Analytics Made Easy - Statcounter
Privacy Policy | GotTLDs - Web3 Domain Education & Search Platform
GotTLDs Logo

Privacy Policy

Effective Date: January 1, 2025 | Last Updated: January 1, 2025

GDPR, CCPA & Web3 Compliant

1. Introduction & Scope

Welcome to GotTLDs' Privacy Policy. This policy explains how we collect, use, protect, and share your personal information when you use our Website, purchase TLD assets, or interact with our blockchain-based services.

Who We Are: GotTLDs ("we," "us," or "our") is a provider of Web3-enabled top-level domain services. We are committed to protecting your privacy while delivering cutting-edge blockchain domain solutions.

Your Privacy Rights: We comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws. You have rights regarding your personal data, which we detail below.

By using GotTLDs, you consent to the data practices described in this Privacy Policy.

2. Information We Collect

A. Personal Information You Provide:

  • Account Information: Name, email address, username
  • KYC/Identity Verification: Government ID, passport, proof of address (when required)
  • Payment Information: Cryptocurrency wallet addresses, transaction hashes
  • Communication Data: Support tickets, emails, chat messages
  • Profile Data: Preferences, settings, account history

B. Automatically Collected Information:

  • Device Data: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, time spent, click patterns, referral sources
  • Cookies & Tracking: Session cookies, analytics cookies, preference cookies
  • Location Data: Approximate geographic location (via IP address)

C. Blockchain & Web3 Data:

  • Public Blockchain Data: Wallet addresses, transaction history, TLD ownership records
  • Smart Contract Interactions: On-chain activity, gas fees, timestamps
  • NFT Metadata: Token IDs, ownership transfers, marketplace activity

Important: Blockchain data is publicly visible and immutable. We cannot delete or modify on-chain information.

3. How We Use Your Information

We use your personal information to:

  • Service Delivery: Process TLD purchases, manage accounts, facilitate blockchain transactions
  • Compliance: Verify identity (KYC/AML), prevent fraud, comply with legal obligations
  • Communication: Send transaction confirmations, account updates, support responses
  • Improvement: Analyze usage patterns, optimize platform performance, develop new features
  • Marketing: Send promotional emails (with consent), newsletters, product updates
  • Security: Detect threats, prevent unauthorized access, protect platform integrity
  • Legal Protection: Enforce terms, resolve disputes, defend legal claims

Legal Bases for Processing (GDPR):

  • Contractual Necessity: To fulfill our agreement with you
  • Legal Obligation: To comply with KYC/AML and regulatory requirements
  • Legitimate Interests: Fraud prevention, security, platform improvement
  • Consent: For marketing communications (you may withdraw anytime)

4. How We Share Your Information

We may share your information with:

A. Service Providers:

  • Blockchain infrastructure providers (node hosting, smart contract deployment)
  • KYC/AML verification services (identity verification partners)
  • Payment processors and cryptocurrency exchanges
  • Cloud hosting and data storage providers
  • Analytics and marketing tools (Google Analytics, email platforms)
  • Customer support software providers

B. Legal & Regulatory:

  • Law enforcement or government authorities (when legally required)
  • Regulators and compliance agencies (AML/KYC reporting)
  • Courts and legal proceedings (subpoenas, court orders)
  • Fraud prevention and security services

C. Business Transfers:

  • In the event of merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity
  • We will notify you of any change in ownership or control

D. With Your Consent:

  • When you explicitly authorize us to share with third parties
  • For marketing partnerships (only with opt-in consent)

We do NOT sell your personal information to data brokers or advertisers.

5. Data Security & Protection

We implement industry-standard security measures including:

  • Encryption: TLS/SSL encryption for data in transit, AES-256 encryption at rest
  • Access Controls: Role-based access, multi-factor authentication (MFA)
  • Security Monitoring: 24/7 threat detection, intrusion prevention systems
  • Regular Audits: Security audits, penetration testing, vulnerability assessments
  • Data Minimization: We collect only necessary data and delete when no longer needed
  • Employee Training: Staff educated on data protection and privacy best practices

Important: No system is 100% secure. While we use best practices, we cannot guarantee absolute security.

Your Responsibilities:

  • Keep your account credentials confidential
  • Secure your cryptocurrency wallet and private keys
  • Use strong, unique passwords
  • Enable two-factor authentication (2FA)
  • Report suspicious activity immediately

6. Data Retention

How long we keep your data:

  • Account Data: Retained while your account is active, plus 7 years for legal/tax requirements
  • KYC/AML Records: Retained for 5-7 years as required by financial regulations
  • Transaction History: Retained indefinitely for audit and compliance purposes
  • Blockchain Data: Permanent and immutable (cannot be deleted)
  • Marketing Data: Until you unsubscribe or request deletion
  • Logs & Analytics: Typically 12-24 months, then aggregated or deleted

After Retention Period: Data is securely deleted or anonymized unless legal obligations require longer retention.

7. Cookies & Tracking Technologies

We use cookies and similar technologies for:

Types of Cookies:

  • Essential Cookies: Required for site functionality (login, security, transactions)
  • Performance Cookies: Analytics to improve user experience (Google Analytics)
  • Functional Cookies: Remember preferences and settings
  • Marketing Cookies: Track ad effectiveness and user interests (with consent)

Managing Cookies:

  • You can disable cookies via browser settings
  • Note: Disabling cookies may limit site functionality
  • We honor "Do Not Track" signals where legally required

Third-Party Tracking:

  • Google Analytics (analytics and reporting)
  • Social media pixels (Facebook, Twitter, LinkedIn)
  • Marketing platforms (email tracking, conversion pixels)

8. Your Privacy Rights

A. GDPR Rights (European Users)

If you are in the European Economic Area (EEA), you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data (subject to legal obligations)
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in machine-readable format
  • Right to Object: Object to processing based on legitimate interests or marketing
  • Right to Withdraw Consent: Withdraw consent for marketing or optional processing
  • Right to Lodge a Complaint: File complaints with your local data protection authority

B. CCPA Rights (California Users)

If you are a California resident, you have the following rights:

  • Right to Know: What personal information we collect, use, and share
  • Right to Delete: Request deletion of your personal information (with exceptions)
  • Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell data)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights
  • Authorized Agent: You may designate an agent to submit requests on your behalf

C. How to Exercise Your Rights

To exercise any of these rights, please contact us at:

[email protected]

We will respond within 30 days (GDPR) or 45 days (CCPA)

D. Verification Process

To protect your privacy, we may require verification of your identity before processing requests. This may include:

  • Email confirmation
  • Account authentication
  • Government ID verification (for sensitive requests)

Note: Blockchain data cannot be deleted due to its immutable nature. We can only delete off-chain data.

9. International Data Transfers

Cross-Border Data Processing: Your personal information may be transferred to and processed in countries outside your jurisdiction, including the United States.

Safeguards for EU Users:

  • We use Standard Contractual Clauses (SCCs) approved by the European Commission
  • We work with service providers that comply with GDPR-equivalent protections
  • Data transfers are necessary for contract performance or with your consent

By using GotTLDs, you consent to the transfer of your data to jurisdictions with different data protection laws.

10. Children's Privacy

Age Restriction: GotTLDs services are NOT intended for children under 18 years of age.

We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected].

If we discover we have collected data from a child under 18, we will delete it promptly.

11. Third-Party Links & Services

Our Website may contain links to third-party websites, wallets, or services (e.g., MetaMask, Freename, blockchain explorers, social media platforms).

Important: We are NOT responsible for the privacy practices of external sites. Each third-party service has its own privacy policy, which you should review.

Third-Party Services We Integrate:

  • Cryptocurrency wallets (e.g., MetaMask, WalletConnect)
  • Blockchain explorers (e.g., Etherscan, Polygonscan)
  • Social media platforms (Twitter, Discord, LinkedIn)
  • Analytics providers (Google Analytics)

We encourage you to read the privacy policies of any third-party services you use.

12. Blockchain Transparency & Public Data

CRITICAL NOTICE: Blockchain Data is Public and Permanent

Understanding Blockchain Privacy:

  • Public Ledger: All blockchain transactions are publicly visible on distributed networks
  • Immutable Records: On-chain data cannot be edited, deleted, or hidden
  • Wallet Addresses: Your wallet address and transaction history are permanently public
  • TLD Ownership: Domain ownership records are stored on-chain and viewable by anyone
  • Smart Contract Interactions: All interactions with our smart contracts are public

What This Means for You:

  • Anyone can see your wallet address and TLD holdings
  • Transaction amounts and timestamps are public
  • Blockchain explorers (Etherscan, etc.) display this data openly
  • We cannot delete or hide on-chain information, even if you request it

Privacy Best Practices:

  • Consider using separate wallets for different purposes
  • Avoid linking personal information to your wallet address publicly
  • Understand that blockchain provides pseudonymity, not anonymity

By using blockchain-based services, you acknowledge and accept that on-chain data is permanently public.

13. Marketing Communications

Email Marketing: With your consent, we may send you promotional emails about new TLDs, features, offers, and industry news.

Opting Out:

  • Click "Unsubscribe" in any marketing email
  • Update preferences in your account settings
  • Email [email protected] with opt-out request

Transactional Emails: You will still receive essential service emails (purchase confirmations, account security alerts, legal notices) even if you opt out of marketing.

14. Changes to This Privacy Policy

Updates: We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or business operations.

Notification:

  • Material changes will be posted on this page with an updated "Last Updated" date
  • For significant changes, we may notify you via email or prominent Website notice
  • Continued use after changes constitutes acceptance

Your Responsibility: Please review this Privacy Policy periodically to stay informed about how we protect your data.

15. Data Breach Notification

In the Event of a Data Breach: If we experience a security incident that compromises your personal information, we will:

  • Notify affected users within 72 hours (GDPR requirement)
  • Report to relevant data protection authorities as required by law
  • Provide details about what data was affected and steps we're taking
  • Offer guidance on protecting yourself (e.g., password reset, fraud monitoring)

Your Actions: If you suspect unauthorized access to your account, change your password immediately and contact us at [email protected].

Contact Our Privacy Team

For privacy-related questions, requests, or concerns:

Email (General Privacy Inquiries)

[email protected]

Email (Data Subject Requests)

[email protected]

Email (Security Issues)

[email protected]

GotTLDs Privacy Office
Delaware, USA
Response Time: 30-45 business days

EU Representative (GDPR Article 27)

For users in the European Economic Area (EEA), you may contact our EU data protection representative at:

[email protected]

Or file complaints with your local supervisory authority.

YOUR PRIVACY MATTERS

By using GotTLDs, you acknowledge that you have read, understood, and agree to this Privacy Policy. We are committed to protecting your data and respecting your privacy rights under GDPR, CCPA, and other applicable laws.

About GotTLDs: Education & Search Platform

GotTLDs is a Web3 domain education and search platform that helps you learn about and discover blockchain domains.

We provide comprehensive information, comparisons, and search tools. When you're ready to purchase, we connect you with our trusted partner Freename.com who processes all transactions and provides real-time pricing and support.

CRITICAL PRIVACY NOTICE: Third-Party Data Collection

Your transaction data will be collected and processed by Freename.com

16. Freename.com Data Collection & Processing

IMPORTANT: GotTLDs Does NOT Process Your Transaction Data

Data Collection Notice: Because GotTLDs is a referral/pass-through platform, we do NOT collect, process, or store your payment information, blockchain transaction data, or KYC/identity verification documents.

What Data GotTLDs Collects:

  • Pre-Purchase Only: Email address (if you sign up for updates), browsing behavior, cookies
  • We DO NOT Collect: Payment details, wallet addresses, KYC documents, transaction history

What Data Freename.com Collects:

When you are redirected to Freename.com to complete your TLD purchase, Freename will collect:

  • Personal Information: Name, email, phone number, billing address
  • Payment Data: Cryptocurrency wallet addresses, payment transaction details
  • KYC/Identity Verification: Government ID, passport, proof of address (if required)
  • Blockchain Data: Wallet addresses, transaction hashes, smart contract interactions
  • Account Data: Freename account credentials, preferences, domain portfolio
  • Technical Data: IP address, device information, browser data

FREENAME.COM'S PRIVACY POLICY GOVERNS HOW THEY COLLECT, USE, AND PROTECT YOUR TRANSACTION DATA. WE STRONGLY RECOMMEND READING THEIR PRIVACY POLICY BEFORE PROCEEDING.

Review Freename's Privacy Policy:

Freename Privacy Policy

17. Data Sharing with Freename.com

Limited Data Sharing: GotTLDs may share the following data with Freename.com:

  • Referral Information: That you were referred from GotTLDs (for tracking purposes)
  • TLD Interest: Which TLD you clicked to purchase (e.g., .pulse, .motorsports)
  • Marketing Consent: If you opted in to receive updates (email address only)

We DO NOT Share:

  • Any personal data beyond referral tracking
  • Your browsing history or behavioral data
  • Any information you haven't explicitly provided

Direct Data Collection: Once you land on Freename.com, they collect your data directly. We have no control over or access to the data Freename collects during your transaction.

18. Your Privacy Rights & Freename Transactions

Important Clarification: Your privacy rights are split between two entities:

For GotTLDs Data:

  • Exercise GDPR/CCPA rights with us
  • Request access/deletion via [email protected]
  • Unsubscribe from marketing emails
  • Manage cookie preferences

For Freename Data:

  • Exercise privacy rights directly with Freename
  • Contact Freename's privacy team
  • Request transaction data access/deletion
  • Manage Freename account settings

Limitation:

GotTLDs CANNOT access, modify, or delete data stored by Freename.com. For any requests related to your transaction data, payment information, KYC documents, or Freename account, you must contact Freename directly at their privacy email.

Freename Contact for Privacy Requests:

19. Freename Data Breaches & Security

Security Responsibility: Freename.com is responsible for the security of your transaction data, payment information, and personal details collected during the purchase process.

In the Event of a Freename Data Breach:

  • Freename is required to notify affected users per GDPR/CCPA requirements
  • GotTLDs will NOT be notified unless Freename chooses to inform us
  • Breach notifications will come directly from Freename
  • GotTLDs is NOT liable for Freename security incidents

Your Responsibility: Monitor your Freename account for security alerts and enable two-factor authentication (2FA) on your Freename account.