Maxinames (“Maxinames”, “we”, “us”) provides domain registration, web hosting, and related services. This Privacy Policy explains what personal data we collect, why we collect it, who we share it with, how long we keep it, and the rights you have to access, correct, port, restrict, or delete it. It applies to maxinames.com, manage.maxinames.com, and any service we operate. For data we process on behalf of our hosting customers (their visitors' data), the customer is the controller and we are the processor — see the Data processing for hosting customers section below.
1. Who is the data controller?
For the personal data described in this policy, Maxinamesis the “controller” under the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. For requests under those laws or any equivalent data-protection law, contact us at privacy@maxinames.com.
2. Categories of personal data we collect
We collect:
- Account data— name, organisation, postal address, email address, phone number, language, currency, and (where required) tax identifier.
- Authentication data— password hashes, two-factor secrets, security questions, IP addresses of sign-ins, session cookies.
- Billing data— invoices, statements, and payment-method tokens. We never store full card numbers; those are held by our PCI-DSS-compliant payment processors.
- Service data— the configuration of your domains, hosting accounts, and other Services; support tickets and the messages you exchange with our team; survey responses.
- Usage and technical data— IP addresses, user-agent strings, request timestamps, error logs, traffic metrics, server logs.
- Marketing data— only if you opt in: email engagement (opens, clicks), preferences, newsletter subscription state.
- Domain registration data— the contact details required by ICANN and the relevant registry for each domain you register (see Section 5 for details).
We do not knowingly collect special-category data (health, political opinions, religion, etc.). Do not submit such data through the Services unless required by a specific support context.
3. Sources of data
Most of the data we hold comes directly from you when you sign up and use the Services. We also receive data from: payment processors (verification status, partial card details), domain registries (domain status changes), fraud-prevention services (risk signals), authentication providers (SSO, where used), and our own systems (logs, metrics, abuse signals).
4. Why we use your data and our lawful basis
- To provide the Services you ordered— account creation, billing, hosting and registration operations, customer support. Lawful basis: contract.
- To meet legal and regulatory obligations — tax records, accounting, ICANN and registry rules, anti-fraud and sanctions screening, responding to lawful authority. Lawful basis: legal obligation.
- To secure our network and customers— abuse detection, rate limiting, vulnerability scanning, incident response, audit logging. Lawful basis: legitimate interests.
- To improve the Services— aggregate analytics, A/B testing on non-essential UI, customer surveys. Lawful basis: legitimate interests; consent for non-essential cookies.
- To send service-related messages— renewal reminders, security alerts, scheduled maintenance, incident notifications. Lawful basis: contract.
- To send marketing communications— product news and offers, only after explicit opt-in. You can withdraw consent at any time via the unsubscribe link. Lawful basis: consent.
5. Domain registration data and WHOIS
When you register a domain, ICANN and the relevant registry require us to collect and submit specific contact information (registrant, administrative, technical, and billing contacts). Some of this information may be published in the public WHOIS / RDAP database depending on the TLD and applicable policy.
For most generic TLDs we offer free WHOIS privacy that replaces your contact details with proxy details in the public record. Privacy is not available on certain TLDs whose registry policy forbids it (notably .us, .ca, and certain conditions on .eu) and we will tell you at registration when this is the case. ICANN may also publish its rights and responsibilities for registrants (the “Registrants' Benefits and Responsibilities” specification), which we make available on request.
6. Cookies and similar technologies
We use cookies in three categories:
- Strictly necessary— required for authentication, cart, security, and load-balancing. Cannot be disabled.
- Functional— remember your preferences (language, currency, layout). Optional.
- Analytics— help us understand how the site is used in aggregate. We use privacy-preserving analytics tools and IP anonymisation. Optional.
You can manage cookie preferences in our cookie banner, in your browser settings, or by sending Do Not Track signals where your browser supports them. We do not use cross-site advertising cookies or sell behavioural data.
7. Who we share your data with
We share personal data only:
- With registries and registrar partners as required to register, transfer, renew, or manage your domains.
- With sub-processors acting on our behalf under written data-processing agreements that bind them to security and confidentiality obligations equivalent to ours. Categories include payment processors, transactional email providers, error-tracking and observability tools, abuse-mitigation providers, and infrastructure providers. A current list of sub-processors is available on request.
- With professional advisors (auditors, lawyers, accountants) under confidentiality.
- With authorities when required by law, court order, or to enforce our Terms or protect our rights, property, or safety, or the rights, property, or safety of others.
- In a corporate transaction— if we are acquired or merge with another company, customer data may transfer as part of that transaction, subject to the same protections.
We do not sell or rent your personal data. We do not share it with third parties for their own marketing.
8. International data transfers
Our primary processing is in the European Union and the United Kingdom. Some sub-processors may process data outside the EU/UK (for example, payment processors and email-delivery providers in the United States). Where this happens, we rely on the European Commission's and the UK Information Commissioner's Standard Contractual Clauses, supplemented where necessary by additional technical safeguards (encryption in transit and at rest, access controls, contractual restrictions).
9. How long we keep data
- Active account data: for the lifetime of your account.
- Billing and invoice records: seven years (statutory retention for tax and accounting).
- Domain registration data: for the registration term plus any retention period required by ICANN or the registry.
- Server and access logs: 90 days (or until any related security investigation closes).
- Support tickets: 24 months after closure.
- Backups: rolling 30-day window for operational backups; longer for legal-hold copies.
- Closed accounts: minimal data retained as required for legal, tax, and audit purposes; the rest is deleted or anonymised within 90 days of closure.
10. Your rights
Depending on where you live, you have some or all of these rights:
- Access— obtain a copy of the personal data we hold about you.
- Rectification— correct inaccurate or incomplete data.
- Erasure— ask us to delete your data, subject to retention obligations.
- Restriction— ask us to pause processing in specific cases.
- Portability— receive your data in a structured, commonly-used, machine-readable format.
- Objection— object to processing based on legitimate interests, including profiling.
- Withdraw consent— for any processing based on consent (e.g. marketing emails).
- Lodge a complaint— with your local data protection authority. In the UK that is the Information Commissioner's Office (ico.org.uk).
To exercise any of these rights, email privacy@maxinames.com. We respond within 30 days; in complex cases we may extend by up to 60 days, with notice. We may request reasonable identity verification before acting on a request.
11. Children's data
The Services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided data to us, contact privacy@maxinames.com and we will delete it.
12. Security and breach notification
We protect your data with administrative, technical, and physical safeguards, including encryption in transit and at rest, role- based access controls, mandatory two-factor authentication for staff with production access, regular dependency and infrastructure patching, and continuous monitoring. No system is completely secure; if we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and the affected individuals without undue delay, in the manner required by applicable law.
13. Data processing for hosting customers
When you use Maxinames hosting to operate a website that collects data from your own visitors, you are the controller of that data and we are the processor. We process visitor data only to operate your hosting Service. A data-processing addendum (DPA) implementing the Standard Contractual Clauses is available on request and forms part of your contract with us.
14. Changes to this policy
We may update this policy as our practices change or to comply with new laws. The date at the top of the page shows when it was last updated. Material changes are emailed to your billing contact and posted in the dashboard at least 30 days in advance.
15. Contact
For privacy questions, requests, or concerns, email privacy@maxinames.com. For general support, write to support@maxinames.com.
This document is provided for informational use and does not constitute legal advice. Have qualified counsel review it before relying on it for your specific situation.