ISV.me

Privacy Policy

Last Updated: March 28, 2026

1. Introduction

ISV.me ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our domain marketplace platform.

This policy complies with:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Other applicable data protection laws

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, password (hashed), nickname, custom ID
  • Profile Information: Real name, gender, country/region, phone number (optional), profile avatar/photo, donation preferences, badges, preferred display tags
  • Payment Information: Processed by Stripe (we don't store full payment details)
  • Domain Listings: Domain names, descriptions, pricing, verification documents
  • Communications: Support tickets, comments, reviews, messages

2.2 Automatically Collected Information

  • IP Address: For country detection, fraud prevention, and rate limiting
  • Device Information: Browser and OS details, device type/platform, and security fingerprinting data
  • Screen and Environment Data: Screen/viewport size, color depth, language, timezone, and technical capabilities
  • Usage Data: Pages visited, features used, time spent on platform
  • Referral and Campaign Data: Referrer, landing path, and campaign parameters (e.g., UTM tags)
  • Cookies and Tracking: Essential cookies by default; analytics/tracking metadata processed after consent where required
  • Geolocation: Country-level location from IP address (using GeoIP database data)

2.3 Information from Third Parties

  • OAuth Providers: When you sign in with Google (name, email, profile photo)
  • Payment Processors: Transaction status and payment confirmations
  • Domain Registrars: Domain ownership verification data

3. How We Use Your Information

3.1 Primary Purposes

  • Account Management: Create and maintain your account
  • Transactions: Process domain purchases and sales
  • Escrow Services: Hold funds securely during transfers
  • Domain Verification: Verify ownership of listed domains
  • Payments: Process payments and distribute funds
  • Charity Donations: Calculate and distribute charitable contributions

3.2 Platform Operations

  • Communication: Send transaction confirmations, updates, notifications
  • Customer Support: Respond to inquiries and resolve issues
  • Security: Prevent fraud, abuse, and unauthorized access
  • Analytics: Understand usage patterns and improve services
  • Legal Compliance: Meet regulatory and legal obligations

3.3 Additional Uses

  • Voting System: Enable charity organization voting
  • Gamification: Award badges and track user reputation
  • Referral Program: Track referrals and distribute rewards
  • Marketing: Send promotional emails (with your consent)

4. Legal Bases for Processing (GDPR)

We process your data based on:

  • Contract Performance: To fulfill our agreement with you
  • Legitimate Interests: Fraud prevention, platform security, analytics
  • Legal Obligation: Tax reporting, AML/KYC compliance
  • Consent: Marketing communications, optional features

5. Data Sharing and Disclosure

5.1 We Share Data With:

Payment Processors

  • Stripe Connect: Transaction processing, escrow, payouts
  • Purpose: Facilitate secure payments

Service Providers

  • Cloud hosting provider: Platform infrastructure
  • Email service (SMTP provider): Transaction notifications
  • Analytics tools: Usage statistics and improvements

Domain Registrars

  • GoDaddy, Namecheap, etc.: Domain ownership verification and transfers
  • Only verification data shared

Charity Organizations

  • Donation amounts and donor information (if consent given)
  • For tax receipt purposes

5.2 Public Information

The following profile data is visible to other users by default:

  • Nickname and custom ID
  • Country flag / region
  • Reputation score and badges
  • Profile avatar/photo
  • Domain listings (domain name, price, description)
  • Comments and reviews (if you post them)
  • Total donation amount (for badge purposes)

The following profile data is private and not publicly visible:

  • Email address
  • Real name (username)
  • Phone number
  • Gender
  • Device fingerprint and IP address

5.3 Legal Requirements

We may disclose information when required by law:

  • Court orders or subpoenas
  • Law enforcement requests
  • Protection against fraud or security threats
  • Enforcement of our Terms of Service

5.4 Business Transfers

In the event of merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. International Data Transfers

  • Our servers are located in [Server Location]
  • Data may be transferred to countries outside your residence
  • We use appropriate safeguards (Standard Contractual Clauses, Privacy Shield, etc.)
  • By using our Service, you consent to international transfers

7. Data Retention

We retain your data for:

  • Active Accounts: Duration of account plus 7 years for tax/legal compliance
  • Transaction Records: 10 years for financial and legal requirements
  • Domain Listings: Until deleted by seller or account closed
  • Logs and Analytics: 90 days to 2 years
  • Support Tickets: 3 years
  • Closed Accounts: De-identified data may be retained for analytics

8. Your Privacy Rights

8.1 GDPR Rights (EU/UK Users)

  • Access: Request copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Opt-out of marketing communications

8.2 CCPA Rights (California Residents)

  • Know: What personal information we collect and how it's used
  • Delete: Request deletion of your personal information
  • Opt-Out: Opt-out of sale of personal information (we don't sell data)
  • Non-Discrimination: Equal service regardless of exercising rights

8.3 How to Exercise Rights

  • Email: privacy@isv.me
  • Account Settings: Manage preferences in your account
  • Response Time: Within 30 days (GDPR) or 45 days (CCPA)

9. Cookies and Tracking Technologies

9.1 Types of Cookies

  • Essential Cookies: Required for platform functionality
  • Authentication Cookies: Keep you logged in
  • Preference Cookies: Remember your settings
  • Analytics Cookies: Understand usage patterns
  • Security Cookies: Fraud prevention and security

9.2 Cookie Management

  • We present a cookie consent banner for consent-based processing where required by law
  • You can choose to accept or decline non-essential cookies/processing from the banner
  • You can also control cookies through your browser settings
  • Essential cookies cannot be disabled without affecting core platform functionality
  • See our Cookie Policy for details: /legal/cookie-policy

9.3 Consent-Based Metadata (Where Required)

After consent, we may process metadata such as:

  • Browser name/version and user-agent
  • OS name/version and device type/platform
  • Screen and viewport dimensions and color depth
  • Language, timezone, cookie-enabled status, and Do Not Track signal
  • Referrer/landing path and campaign attribution parameters

9.4 Do Not Track

We honor Do Not Track signals where technically feasible.

10. Security Measures

We implement industry-standard security measures:

  • Encryption: SSL/TLS for data in transit, encryption at rest
  • Authentication: JWT tokens, bcrypt password hashing (cost 12)
  • Access Control: Role-based access, principle of least privilege
  • Monitoring: Activity logs, fraud detection, anomaly detection
  • CAPTCHA: Slider verification for suspicious activity
  • Rate Limiting: Prevent brute force and DDoS attacks
  • Regular Audits: Security assessments and penetration testing

However, no system is 100% secure. You are responsible for maintaining the confidentiality of your credentials.

11. Children's Privacy

Our Service is not directed to individuals under 18. We do not knowingly collect data from children. If we learn we have collected data from a child, we will delete it promptly.

12. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies.

13. Marketing Communications

13.1 Types of Communications

  • Transactional: Purchase confirmations, domain transfers (cannot opt-out)
  • Account: Security alerts, policy updates (cannot opt-out)
  • Marketing: Promotional offers, newsletters (opt-in/opt-out)

13.2 Opt-Out

  • Click "unsubscribe" in marketing emails
  • Update preferences in Account Settings
  • Email: unsubscribe@isv.me

14. Device Fingerprinting

We use device fingerprinting to:

  • Prevent fraud and abuse
  • Enforce registration limits (5 per IP in 7 days)
  • Detect suspicious activity
  • Enhance security

Device fingerprints are hashed and anonymized where possible.

15. IP Address and Geolocation

15.1 IP Address Uses

  • Display user's country flag
  • Show top 10 user countries
  • Rate limiting and fraud prevention
  • Enforce registration limits

15.2 GeoIP Database

  • We use a GeoIP database provider for country-level detection
  • Country-level accuracy (not precise location)
  • IP addresses are not stored permanently

16. Data Breach Notification

In the event of a data breach:

  • We will notify affected users within 72 hours (GDPR)
  • Notification will include nature of breach and mitigation steps
  • We will notify relevant supervisory authorities
  • We will post public notice if large-scale breach

17. Updates to Privacy Policy

  • We may update this policy from time to time
  • Material changes will be notified via email or platform notice
  • "Last Updated" date indicates most recent revision
  • Continued use after changes indicates acceptance

18. Contact Information

18.1 Data Controller

ISV.me [Business Address]

18.2 Privacy Inquiries

18.3 Data Protection Officer (if applicable)

18.4 EU Representative (if applicable)

  • [EU Representative Contact]

19. Supervisory Authority

EU/UK users have the right to lodge a complaint with their supervisory authority:

  • [List relevant data protection authorities]

20. California Privacy Rights

California Civil Code Section 1798.83 permits users who are California residents to request information about disclosure of personal information to third parties. Contact us at privacy@isv.me.

21. Accessibility

We are committed to making our Privacy Policy accessible. If you need this policy in an alternative format, contact us at accessibility@isv.me.

Summary of Key Points

FeatureDetails
What We CollectAccount info (email, nickname, custom ID), optional profile info (real name, gender, phone, avatar), transaction data, IP address, usage analytics
Why We CollectProvide service, process transactions, prevent fraud, personalize your profile
Who We Share WithPayment processors, service providers (not sold to advertisers)
Your RightsAccess, delete, correct your data; opt-out of marketing
SecurityIndustry-standard encryption, monitoring, and protection
CookiesUsed for essential functions, analytics, and preferences
Contactprivacy@isv.me for any questions

By using ISV.me, you acknowledge that you have read and understood this Privacy Policy.