1. Information We Collect

We collect various types of information to provide, maintain, and improve our services:

1.1 Personal Information You Provide

Information you voluntarily provide when creating an account or using our services:

• Account Information: Name, email address, phone number, username, password
• Profile Information: Profile picture, bio, business name, company details
• Billing Information: Credit/debit card details, bank account information, billing address
• Verification Documents: Government-issued ID, proof of address, tax identification numbers
• Contact Information: Mailing address, alternative phone numbers
• Communication Preferences: Newsletter subscriptions, notification settings

1.2 Transaction Information

Data related to your domain marketplace activities:

• Domain names listed, purchased, or sold
• Pricing information and negotiation history
• Transaction amounts, dates, and payment methods
• Escrow account details and transaction status
• Domain transfer information and registrar details
• Buyer-seller communications and messages
• Feedback, ratings, and reviews
• Dispute history and resolution records

1.3 Technical and Usage Information

Automatically collected when you use our Site:

• Device Information: Device type, operating system, browser type and version, screen resolution
• Log Data: IP address, access times, pages viewed, time spent on pages
• Location Data: Approximate geographic location based on IP address
• Cookies and Tracking: Cookie IDs, session data, advertising IDs
• Navigation Data: Clickstream data, referral URLs, search queries
• Performance Data: Page load times, error messages, technical issues

1.4 Communications

Information from your interactions with us:

• Customer support inquiries and correspondence
• Emails, chat messages, and phone call recordings
• Survey responses and feedback forms
• Social media interactions and mentions
• Comments, reviews, and forum posts

1.5 Information from Third Parties

Data we receive from external sources:

• Social Media: Profile information from social login services (Facebook, Google, LinkedIn)
• Payment Processors: Transaction status and verification from Stripe, PayPal
• Identity Verification: Background checks and verification results from identity services
• Marketing Partners: Analytics and advertising data from partners
• Public Records: Domain ownership records, WHOIS data, business registrations

2. How We Use Your Information

We use the information we collect for various legitimate business purposes:

2.1 Service Provision and Operations

• Create and manage your account
• Process domain listings, purchases, and sales
• Facilitate escrow transactions and payments
• Enable domain transfers between buyers and sellers
• Provide customer support and respond to inquiries
• Process subscription payments for buyer plans and premium listings
• Manage NDA services and confidential transactions

2.2 Security and Fraud Prevention

• Verify user identity and prevent fraudulent activity
• Detect and prevent security threats, abuse, and illegal activities
• Monitor transactions for suspicious patterns
• Protect against unauthorized access and cyber attacks
• Investigate and resolve disputes between users
• Comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations

2.3 Communication and Marketing

• Send transactional emails (account updates, transaction confirmations, receipts)
• Provide customer support and respond to inquiries
• Send service announcements and security alerts
• Deliver promotional offers, newsletters, and marketing materials (with your consent)
• Notify you about new features, updates, and improvements
• Conduct surveys and gather feedback

2.4 Personalization and Improvement

• Personalize your experience and recommend relevant domains
• Analyze usage patterns to improve Site functionality
• Conduct A/B testing and feature development
• Generate analytics and business intelligence
• Optimize search results and filtering options
• Develop new features and services

2.5 Legal and Compliance

• Comply with legal obligations, court orders, and regulatory requirements
• Enforce our Terms of Service and other agreements
• Maintain records for tax reporting and financial audits
• Respond to government requests and law enforcement
• Protect our legal rights and interests
• Facilitate business transfers (mergers, acquisitions, asset sales)

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process personal data based on:

• Consent: You have given explicit consent for processing (e.g., marketing communications)
• Contract Performance: Processing is necessary to fulfill our contractual obligations (e.g., facilitating transactions)
• Legal Obligation: Processing is required by law (e.g., tax reporting, KYC/AML compliance)
• Legitimate Interests: Processing serves our legitimate business interests (e.g., fraud prevention, service improvement) without overriding your rights
• Vital Interests: Processing is necessary to protect someone's life

4. Sharing Your Information

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

4.1 With Other Users

• Domain listings and pricing information are publicly visible
• Your username and profile information may be displayed on listings
• Contact information may be shared with serious buyers/sellers during negotiations
• Transaction history and ratings may be visible to other users
• NDA-protected listings keep seller information confidential until agreement

4.2 With Service Providers and Business Partners

We share data with trusted third parties who help us operate our business:

• Payment Processors: Stripe, PayPal for transaction processing
• Escrow Services: Escrow.com, Dan.com for secure transactions
• Cloud Hosting: AWS, Google Cloud for data storage and infrastructure
• Email Services: SendGrid, Mailchimp for email delivery
• Analytics: Google Analytics, Mixpanel for usage analysis
• Customer Support: Intercom, Zendesk for help desk services
• Identity Verification: Jumio, Onfido for KYC compliance
• Security: Cloudflare for DDoS protection and CDN services
• Marketing: Google Ads, Facebook Ads for advertising campaigns

These service providers are contractually obligated to protect your data and use it only for specified purposes.

4.3 For Legal Reasons

• Comply with laws, regulations, legal processes, or government requests
• Enforce our Terms of Service and other agreements
• Investigate potential violations or fraudulent activity
• Protect the rights, property, and safety of Uncle Domains, our users, or the public
• Respond to claims of intellectual property infringement
• Cooperate with law enforcement investigations

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our Site of any such change in ownership or control.

4.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

4.6 Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for research, marketing, analytics, or other purposes.

5. International Data Transfers

Uncle Domains operates globally, and your information may be transferred to, stored, and processed in countries other than your country of residence, including India and the United States.

When we transfer data internationally, we implement appropriate safeguards:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements (DPAs) with service providers
• Adequacy decisions by relevant data protection authorities
• Binding Corporate Rules (BCRs) where applicable
• Your explicit consent for specific transfers

For EEA users, data transfers to countries outside the EEA are made in compliance with GDPR requirements.

6. Security of Your Information

We implement comprehensive technical, administrative, and physical security measures to protect your data:

Technical Safeguards

• Encryption: TLS/SSL encryption for data in transit, AES-256 encryption for data at rest
• Access Controls: Role-based access control (RBAC) with least privilege principle
• Authentication: Multi-factor authentication (MFA) for accounts
• Firewalls: Network segmentation and firewall protection
• Intrusion Detection: Real-time monitoring and intrusion detection systems
• Vulnerability Management: Regular security audits and penetration testing
• DDoS Protection: Cloudflare protection against distributed denial-of-service attacks

Administrative Safeguards

• Background checks for employees with data access
• Mandatory security training and awareness programs
• Confidentiality agreements and data protection policies
• Incident response plan and breach notification procedures
• Regular security reviews and compliance audits

Physical Safeguards

• Secure data centers with restricted physical access
• Surveillance and monitoring of facilities
• Environmental controls (fire suppression, climate control)
• Backup power and redundancy systems

7. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to enhance user experience and analyze Site usage. For detailed information about our cookie practices, please review our Cookie Policy.

You can manage cookie preferences through:

• Our Cookie Preference Center (accessible in the footer)
• Your browser settings
• Third-party opt-out tools (NAI, DAA, EDAA)

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

8.1 General Rights (All Users)

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Opt-Out: Unsubscribe from marketing communications at any time

8.2 GDPR Rights (EEA, UK, Switzerland)

• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Restriction: Request restriction of processing in certain circumstances
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time (without affecting lawfulness of prior processing)
• Right to Lodge a Complaint: File a complaint with your local data protection authority
• Automated Decision-Making: Object to decisions based solely on automated processing

8.3 CCPA/CPRA Rights (California Residents)

• Right to Know: Know what personal information is collected, used, shared, or sold
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of sale or sharing of personal information
• Right to Correct: Request correction of inaccurate information
• Right to Limit: Limit use of sensitive personal information
• Right to Non-Discrimination: Not be discriminated against for exercising privacy rights

How to Exercise Your Rights

To exercise any of these rights:

• Email us at privacy@uncledomains.com or hi@uncledomains.com
• Use the "Privacy Settings" section in your account dashboard
• Click "Unsubscribe" in marketing emails
• Submit a request through our online form (if available)

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing requests to protect your privacy and security.

9. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

Retention Periods

• Account Information: Retained while your account is active, plus 3 years after closure
• Transaction Records: Minimum 7 years for tax and legal compliance
• Payment Information: Retained by payment processors per PCI-DSS requirements
• Communications: 2-5 years depending on type and purpose
• Marketing Data: Until you opt-out or 2 years of inactivity
• Technical Logs: 90 days to 1 year for security and troubleshooting
• Legal/Dispute Records: Duration of legal requirement or dispute, plus 3 years

Deletion Process

When data is no longer needed, we securely delete or anonymize it. However, we may retain certain information where legally required (tax records, fraud prevention) or where we have a legitimate business need (resolving disputes, enforcing agreements).

10. Children's Privacy

Our services are not intended for individuals under 18 years of age (or the minimum legal age in your jurisdiction). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@uncledomains.com. We will promptly investigate and delete such information from our systems.

If we discover we have collected information from a child without parental consent, we will delete that information as quickly as possible and terminate the associated account.

11. Marketing Communications

With your consent, we may send you promotional emails about new features, special offers, domain recommendations, and other updates we think may interest you.

Opt-Out Options

You can opt out of marketing communications at any time by:

• Clicking the "Unsubscribe" link in any marketing email
• Updating your email preferences in your account settings
• Contacting us at hi@uncledomains.com

Note: Even if you opt out of marketing emails, we will still send you transactional and service-related communications (account notifications, transaction confirmations, security alerts) that are necessary for the operation of your account.

12. Third-Party Links and Services

Our Site may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to those external sites, and we are not responsible for their privacy practices.

We encourage you to review the privacy policies of any third-party sites you visit. Examples include:

• Domain registrars and hosting providers
• Payment processors and financial institutions
• Social media platforms
• Partner marketplaces and advertising networks

13. California Privacy Rights

California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

Information We Collect

Categories of personal information collected in the past 12 months:

• Identifiers (name, email, IP address)
• Financial information (payment details)
• Commercial information (transaction history)
• Internet activity (browsing behavior)
• Geolocation data (approximate location)
• Professional information (business details)

Sale and Sharing of Personal Information

We do not sell personal information in the traditional sense. However, sharing data with advertising partners may constitute a "sale" or "sharing" under CCPA/CPRA.

To opt out: Click "Do Not Sell or Share My Personal Information" in the footer or email hi@uncledomains.com.

"Shine the Light" Law

California residents may request information about disclosure of personal information to third parties for direct marketing purposes. Contact us at hi@uncledomains.com with "California Shine the Light Request" in the subject line.

14. Nevada Privacy Rights

Nevada residents have the right to opt out of the sale of certain covered information. While we do not currently sell personal information as defined by Nevada law, you may submit an opt-out request by emailing hi@uncledomains.com with "Nevada Opt-Out Request" in the subject line.

15. Data Breach Notification

In the unlikely event of a data breach that compromises your personal information, we will:

• Investigate and assess the scope and impact of the breach
• Notify affected users via email within 72 hours (or as required by law)
• Report the breach to relevant authorities and regulatory bodies
• Provide guidance on steps you can take to protect yourself
• Implement measures to prevent future breaches
• Offer credit monitoring or identity protection services if appropriate

If you suspect a security incident or breach, please report it immediately to hi@uncledomains.com.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other operational needs.

How We Notify You

• Update the "Effective Date" at the top of this policy
• Post a prominent notice on our homepage for 30 days
• Send email notifications to registered users for material changes
• Display a banner notification upon your next login

Material changes include modifications to:

• Types of personal information collected
• Purposes for which information is used
• Third parties with whom information is shared
• Your rights and choices
• International data transfers

Continued use of our services after changes become effective constitutes acceptance of the updated policy. If you do not agree with the changes, you should discontinue using our services and may request account deletion.

We maintain a version history of this Privacy Policy. You can request previous versions by contacting privacy@uncledomains.com.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Officer (DPO)

For GDPR-related inquiries, you may contact our Data Protection Officer at:
Email: hi@uncledomains.com

EU Representative

If you are located in the European Union and wish to contact our EU representative:
Email: hi@uncledomains.com

18. Supervisory Authority

If you are located in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your privacy rights.

However, we encourage you to contact us first so we can address your concerns directly.