Your privacy is fundamental to our security-first approach. Learn how we protect and handle your data.
We collect only the data necessary to provide secure domain services and comply with regulations.
Name, email, billing information for account creation and service delivery
Login credentials, security settings, authentication logs, and API keys
Domain names, DNS records, configuration changes, and management activities
Transaction data, IP addresses, device information, and risk assessments
Under GDPR and other privacy laws, you have comprehensive rights over your personal data.
To exercise any of these rights, please contact us through our contact form.
Contact UsWe collect information necessary to provide domain management and fraud detection services. This includes: (1) Account information (name, email, billing details), (2) Domain and DNS data (domain names, DNS records, configuration), (3) Fraud detection data (transaction details, IP addresses, device fingerprints), and (4) Usage analytics for service improvement. All data collection complies with GDPR Article 6 lawful bases.
Your information is used to: (1) Provide domain management and DNS services, (2) Detect and prevent fraud through AI-powered analysis, (3) Maintain platform security and integrity, (4) Improve our services and develop new features, (5) Communicate service updates and security alerts, (6) Comply with legal obligations and regulatory requirements. Processing is based on contract performance, legitimate interests, and legal compliance under GDPR.
We share information only as necessary: (1) With DNS providers for domain resolution, (2) With cloud infrastructure providers (AWS) under Data Processing Agreements, (3) With law enforcement when legally required, (4) With payment processors for billing (PCI DSS compliant), (5) With security services for fraud prevention. All third parties are bound by strict confidentiality and data protection obligations. We never sell your personal data.
We implement industry-leading security measures: (1) Encryption at rest (AES-256) and in transit (TLS 1.3), (2) Multi-factor authentication and API key security, (3) Regular security audits and penetration testing, (4) AI-powered threat detection and monitoring, (5) Access controls and audit logging, (6) Incident response procedures. We are working toward SOC 2 Type II and ISO 27001 certification (target: Q2 2026).
For EU/EEA residents, we comply with GDPR requirements: (1) Lawful basis for all processing activities, (2) Data minimization and purpose limitation, (3) Your rights to access, rectification, erasure, and portability, (4) Right to object and restrict processing, (5) Data breach notification within 72 hours, (6) Data Protection Impact Assessments for high-risk processing. Contact privacy@habilisdomains.com for GDPR requests.
Your data may be processed in countries outside your residence. We ensure adequate protection through standard contractual clauses, adequacy decisions, or other approved mechanisms under applicable data protection laws.
We use essential cookies for service functionality, analytics cookies to understand usage patterns, and security cookies for fraud detection. You can control non-essential cookies through your browser settings or our cookie preferences center.
Our services are not intended for individuals under 18. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information promptly.
We may update this privacy policy to reflect changes in our practices or legal requirements. Material changes will be announced prominently on our website with 30 days advance notice.
We believe privacy is a fundamental right. Our security-first architecture protects your data with the same rigor we protect your domains.