Compliance & Security
Our commitment to data protection and regulatory compliance.
GDPR Ready
EU data protection compliant
ICANN Compliant
Domain registration standards
PCI-DSS
Secure payment processing
CCPA Compliant
California privacy rights
ICANN Compliance
As a domain reseller, namemyapp operates in compliance with ICANN (Internet Corporation for Assigned Names and Numbers) policies and requirements. Domain registrations are processed through Global Domain Group LLC (GDG), an ICANN-accredited registrar.
Our ICANN Commitments:
- Compliance with all ICANN consensus policies and specifications
- Accurate WHOIS data maintenance and verification
- Adherence to Proxy and Privacy Registration Service specifications
- Timely response to domain abuse reports and WDRP inquiries
- Data retention for 2 years post-domain expiration (ICANN requirement)
GDPR Compliance
namemyapp is committed to compliance with the General Data Protection Regulation (GDPR) for all EU users. We have implemented comprehensive measures to ensure data protection:
Your Rights (GDPR)
- Right to access your personal data
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
Our Commitments
- Lawful, fair, and transparent processing
- Purpose limitation
- Data minimization
- Accuracy and up-to-date data
- Storage limitation
- Integrity and confidentiality
- Accountability
Data Processing Legal Basis: We process your data based on contract performance (domain registration), legitimate interests (service improvement), and your consent (marketing communications).
CCPA Compliance
For California residents, we comply with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). You have the following rights:
- Right to Know: Request disclosure of personal information collected, used, shared, or sold
- Right to Delete: Request deletion of your personal information (subject to legal exceptions)
- Right to Opt-Out: Opt out of the sale of personal information (we do not sell your data)
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
Security Measures
Data Encryption
- In Transit: TLS 1.3 encryption for all data transmission
- At Rest: AES-256 encryption for sensitive data storage
- Passwords: Bcrypt hashing with salt
Infrastructure Security
- DDoS protection via Cloudflare
- Regular security audits and penetration testing
- Automated vulnerability scanning
- 24/7 security monitoring and threat detection
Payment Security (PCI-DSS)
We use Stripe for payment processing, which is PCI-DSS Level 1 certified (the highest level of certification). We never store your full credit card details on our servers. All payment data is handled securely by Stripe's certified infrastructure.
Data Handling & Retention
Data Retention Periods
Third-Party Data Sharing
We share data only with trusted partners required for service delivery:
- Domain Registrars: GDG and Dynadot (required for domain registration)
- Payment Processors: Stripe (PCI-DSS certified, no full card data stored)
- Analytics: Aggregated, anonymized usage data only
- Cloud Infrastructure: Vercel, AWS (data residency and encryption compliant)
We do not sell your personal data. See our Privacy Policy for complete details.
Incident Response & Breach Notification
In the unlikely event of a data breach, we have established procedures to respond quickly and transparently:
- Immediate Containment: Isolate affected systems and prevent further unauthorized access
- Investigation: Assess the scope and impact of the breach
- Notification: Notify affected users within 72 hours (GDPR requirement) or as required by applicable law
- Regulatory Reporting: Report to relevant data protection authorities as required
- Remediation: Implement measures to prevent future incidents
Affected users will be notified via email with details about the breach, potential impact, and recommended protective measures.
Exercising Your Rights
You can exercise your privacy rights through the following methods:
Via Your Account
- Update personal information
- Manage communication preferences
- Download your data
- Delete your account
Via Email Request
- Request data access
- Request data deletion
- Object to processing
- Request data portability
We will respond to all requests within 30 days (or as required by applicable law). We may request verification of your identity to protect your privacy.
International Compliance
In addition to GDPR and CCPA, we comply with various international privacy and data protection laws:
PIPEDA (Canada)
Personal Information Protection and Electronic Documents Act
LGPD (Brazil)
Lei Geral de Proteção de Dados compliance
APPI (Japan)
Act on the Protection of Personal Information
Compliance Contacts
Data Protection Officer (DPO)
For GDPR-related inquiries and data protection matters:
[email protected]
Additional Resources
Last updated: December 2025. This page is reviewed and updated regularly to reflect current compliance practices and regulatory requirements.
