Privacy Policy

Effective Date: 1 March 2025
Last Updated: 1 March 2025

1. Who We Are

We are Smart Tech Messaging Ltd, trading as Apiregistrar, a company registered in the United Kingdom at 128 City Road, London, EC1V 2NX. We act as both a data controller and data processor, depending on the circumstances:

• Data controller: when we collect client business contact information for account management.
• Data processor: when we process registrant data on behalf of clients for domain registrations.

2. Data We Collect

We collect the following categories of personal data:

A. From Clients (our direct customers):

• Business name
• Contact person’s name
• Email address
• Billing and payment information
• IP address (for security and logging)

B. From Registrants (end-users via our clients):

• Full name
• Organization (if applicable)
• Email address
• Phone number
• Physical address
• Domain registration data (WHOIS details)

3. How We Use Personal Data

We use personal data for the following purposes:

• To provide and manage domain registration services
• To respond to legal requests and prevent abuse
• To maintain and improve our API services
• To communicate important notices or system updates
• To comply with legal obligations and upstream provider requirements

We do not use personal data for marketing unless explicitly agreed.

4. Legal Basis for Processing

We process personal data based on one or more of the following legal bases:

• Performance of a contract (Art. 6(1)(b) GDPR): for providing services.
• Legal obligation (Art. 6(1)(c)): for compliance with domain registry rules and applicable law.
• Legitimate interests (Art. 6(1)(f)): for security, fraud prevention, and internal administration.

5. Disclosure of Data

We may share personal data with:

• Domain registrars and registries to complete domain registrations
• Technical service providers who help deliver our services (e.g., hosting, email)
• Legal authorities when required by law or under abuse-related investigations
• Our upstream providers to comply with their regulatory and contractual requirements

We do not sell or rent your data.

6. International Data Transfers

Due to the global nature of domain registration, some personal data may be transferred outside the UK or EEA. We ensure appropriate safeguards are in place, such as:

• Data processing agreements with standard contractual clauses (SCCs)
• Transfers only to countries deemed “adequate” by the UK or EU

7. Data Retention

We retain personal data only for as long as necessary for the purposes stated above, including:

• Active client data: for the duration of the contract and up to 6 years after termination (for legal/accounting reasons)
• Domain registration data: for as long as required by domain registries or regulators

8. Your Rights

Under the GDPR and applicable data protection laws, you have the right to:

• Access your personal data
• Request rectification or deletion
• Restrict or object to processing
• Port your data (where applicable)
• Lodge a complaint with a supervisory authority

For data we process on behalf of our clients (e.g., registrant data), please contact the domain provider (our client) directly.

9. Data Security

We implement technical and organizational measures to protect personal data, including:

• Secure API communication (TLS/SSL)
• Access control and authentication
• Logging and monitoring for abuse
• Encrypted storage of sensitive data

10. Cookies and Tracking

Our API-based service does not use cookies or similar tracking technologies for end users. Basic logging may occur for audit and security purposes.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We encourage you to review this page periodically. Continued use of our services constitutes acceptance of any updates.

12. Contact Us

Smart Tech Messaging Ltd
128 City Road, London, EC1V 2NX, United Kingdom
Email: [email protected]