Privacy Policy

https://reg.ly  |  https://my.reg.ly

Effective Date: April 5, 2026

1. INTRODUCTION

This Privacy Policy explains how NetPro Ltd., a company registered under the laws of Libya, operating under the trade names “reg.ly” and “REGLY” (“Company”, “we”, “us”, “our”), collects, uses, discloses, and protects your personal information when you visit or use the websites https://reg.ly and https://my.reg.ly (collectively, the “Site”) and all services offered through the Site (the “Services”).

By accessing or using the Site or Services, you consent to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please discontinue use of the Site and Services immediately.

This Privacy Policy should be read together with our Terms and Conditions, available at https://reg.ly/about/terms-of-use/.

2. INFORMATION WE COLLECT

2.1 Information You Provide to Us

We collect personal information that you voluntarily provide when you register an Account, purchase Services, submit a support ticket, or otherwise communicate with us. This includes:

1. Account Information: name, email address, phone number, mailing address, billing address, company name, and Account password.
2. Domain Registrant Data: name, organization, address, email, and phone number provided for domain registration (WHOIS data), as required by NIC.LY.
3. Support Communications: the content of support tickets, live chat conversations (via Zendesk), and email correspondence with our support team.
4. Billing Information: transaction records, invoice details, and Account credit balance. We do NOT directly collect, store, or process your full credit/debit card numbers, CVV, or bank account details. All payment card data is collected and processed directly by our independent third-party Payment Processors (PayPal and Stripe) and is never transmitted to or stored on our servers.
5. Identity Verification (KYC) Data: in certain circumstances (described in Section 2.4 below), we may require you to complete identity verification. This may involve the submission of government-issued identification documents (such as passport, national ID card, or driver’s license), a selfie or photograph for facial verification, and phone number verification.

2.2 Information Collected Automatically

When you visit or use the Site, we and our third-party service providers automatically collect certain information, including:

1. Log and Usage Data: IP address, browser type and version, operating system, device information, referring URLs, pages visited, date/time stamps, clickstream data, and actions taken on the Site.
2. Device Data: hardware model, device identifiers, operating system version, and system configuration.
3. Location Data: approximate geographic location derived from your IP address. We do not collect precise GPS location data.
4. Cookies and Tracking Technologies: see Section 5 (Cookies) below.

2.3 Information Collected by Third-Party Services

We use the following third-party services that may independently collect information about you:

1. Google Analytics: collects anonymized usage data (pages visited, session duration, traffic sources, device type) to help us understand how users interact with the Site. Google Analytics uses cookies. See Google’s privacy policy at https://policies.google.com/privacy.
2. Google reCAPTCHA: used to protect the Site from spam and abuse. reCAPTCHA may collect hardware and software information, including device and application data, and send it to Google for analysis. See Google’s privacy policy at https://policies.google.com/privacy.
3. Zendesk: our live chat and support ticketing platform. Zendesk collects and stores chat transcripts, support ticket content, and related metadata. See Zendesk’s privacy policy at https://www.zendesk.com/company/agreements-and-terms/privacy-policy/.
4. PayPal: payment processor. Collects payment data directly. See https://www.paypal.com/webapps/mpp/ua/privacy-full.
5. Stripe: payment processor. Collects payment card data directly. See https://stripe.com/privacy.

2.4 Identity Verification (Know Your Customer / KYC)

We may require identity verification (KYC) in the following circumstances:

1. Account Recovery: if you lose access to your registered email address or need to verify your identity for account recovery purposes.
2. Phone Verification: we may require phone number verification as an additional authentication step for account security.
3. Domain Vault: enabling or disabling the Domain Vault add-on service requires successful completion of identity verification to prevent unauthorized changes to registry-level domain locks.
4. High-Risk Account Actions: we may require verification for other sensitive account actions at our sole discretion, including but not limited to change of registrant, bulk transfers, or account ownership disputes.

Identity verification is conducted through a third-party KYC service provider. When you undergo verification, your identity documents (such as a government-issued ID) and verification data (such as a selfie or photograph) are submitted to and processed by the third-party KYC provider in accordance with their own privacy policy. We receive only the verification result (pass/fail) and a reference identifier from the KYC provider. We do not store copies of your identity documents on our servers. The KYC provider retains your documents in accordance with their own data retention policy, which we encourage you to review.

By using the Services and submitting to identity verification, you consent to the collection, processing, and transfer of your KYC data to our third-party KYC provider for the purposes described above.

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

1. To provide, operate, and maintain the Services, including domain registration, renewal, transfer, and management.
2. To create and manage your Account.
3. To process transactions and send related information, including invoices, renewal reminders, and payment confirmations.
4. To submit Registrant Data to the NIC.LY registry for domain registration as required.
5. To publish Registrant Data in the WHOIS database as required by NIC.LY regulations.
6. To communicate with you, including responding to support requests, sending service-related notices, and providing account updates.
7. To detect, prevent, and address fraud, abuse, security incidents, and technical issues.
8. To enforce our Terms and Conditions, Acceptable Use Policy, and other applicable agreements.
9. To comply with applicable laws, regulations, legal processes, and governmental requests.
10. To improve, personalize, and optimize the Site and Services through analytics and usage data.
11. To maintain backups and ensure business continuity.
12. To verify your identity through KYC processes for account recovery, Domain Vault management, and other sensitive account actions.

We do NOT use your personal information for targeted advertising. We do NOT sell your personal information. We send only transactional and service-related communications; we do not send marketing emails or newsletters.

3.1 Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, our legal basis for collecting and using your personal information depends on the specific information and context:

1. Performance of Contract: processing your Account information and Registrant Data to provide the Services you requested.
2. Legitimate Interests: processing usage data for security, fraud prevention, Site improvement, and analytics, where our interests are not overridden by your rights.
3. Legal Obligation: processing required to comply with applicable laws, NIC.LY regulations, court orders, or governmental requests.
4. Consent: where you have given specific consent for a particular purpose (e.g., testimonial publication). You may withdraw consent at any time by contacting [email protected].

4. HOW WE SHARE YOUR INFORMATION

We do not sell, rent, or trade your personal information. We share your information only in the following circumstances:

1. NIC.LY / GPTC (Registry): We are required to submit Registrant Data (name, organization, address, email, phone) to the NIC.LY registry for domain registration and management. This data may be published in the publicly accessible WHOIS database maintained by NIC.LY in accordance with Registry regulations. We have no control over the WHOIS publication requirements imposed by NIC.LY.
2. Payment Processors: PayPal and Stripe process your payment transactions. They receive only the information necessary to process payments. We do not share your full Account details with Payment Processors. Payment Processors operate under their own privacy policies.
3. Payment Receiving Agents: Entities that collect payments on our behalf as described in our Terms and Conditions. Payment Receiving Agents receive only payment transaction data necessary for processing and do not have access to your Account details, domain management information, or support communications.
4. Zendesk: Our live chat and support platform. Zendesk processes and stores your support communications, chat transcripts, and related metadata.
5. Google: Through Google Analytics (anonymized usage data) and Google reCAPTCHA (device/browser data for spam protection).
6. KYC Verification Provider: If you undergo identity verification, your identity documents and verification data are submitted to our third-party KYC service provider. We receive only the verification result and a reference identifier. The KYC provider processes your data under their own privacy policy.
7. Hosting and Infrastructure Providers: Our servers are located in the United States. Your data is stored and processed on these servers.
8. Legal Requirements: We may disclose your information where required by law, regulation, legal process, court order, or governmental request, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others, or to detect, prevent, or address fraud or security issues.
9. Business Transfers: In connection with a merger, acquisition, sale of assets, or similar transaction, your information may be transferred to the acquiring entity. We will provide notice before your information is subject to a different privacy policy.

We do NOT share your information with any third party for marketing or advertising purposes.

5. COOKIES AND TRACKING TECHNOLOGIES

5.1 What Are Cookies

Cookies are small text files placed on your device when you visit a website. They help the website recognize your device and remember information about your visit.

5.2 Cookies We Use

We use the following categories of cookies:

5.3 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling strictly necessary cookies may prevent the client area (my.reg.ly) from functioning correctly. Disabling analytics cookies will not affect your ability to use the Services.

For more information on managing cookies in your browser: Chrome (chrome://settings/cookies), Firefox (about:preferences#privacy), Safari (Preferences > Privacy), Edge (edge://settings/privacy).

6. INTERNATIONAL DATA TRANSFERS

Our servers are located in the United States. Your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate, including:

1. United States: server hosting, Google Analytics, Google reCAPTCHA, Stripe, WHMCS.
2. Libya: NIC.LY registry (Registrant Data / WHOIS data submission).
3. Other jurisdictions: where our third-party service providers (PayPal, Zendesk, Stripe) maintain their infrastructure.

If you are located in the EEA, UK, or Switzerland, your data may be transferred to countries that do not have equivalent data protection laws. We rely on the following safeguards for such transfers: (a) Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable; (b) the UK International Data Transfer Agreement (IDTA), where applicable; (c) the service provider’s own data protection certifications and commitments. You may request information about the specific safeguards applied to your data by contacting [email protected].

7. DATA RETENTION

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

1. Account Information: retained for the duration of your Account and for 12 months after Account termination, to allow for reactivation and to address post-termination inquiries.
2. Domain Registrant Data: retained for the duration of the domain registration and as required by NIC.LY regulations.
3. Transaction and Billing Records: retained for a minimum of 7 years for tax, accounting, and legal compliance purposes.
4. Support Communications: retained for 24 months after the last interaction, or as required for ongoing dispute resolution.
5. Server Logs: retained for up to 12 months for security and diagnostic purposes.
6. KYC Verification Data: we retain only the verification result and reference identifier. Identity documents are retained by the third-party KYC provider in accordance with their retention policy. We do not store copies of identity documents.
7. Analytics Data: aggregated and anonymized data may be retained indefinitely.

When personal information is no longer required, we will securely delete or anonymize it. Information stored in backup archives will be securely isolated and deleted when the backup cycle completes.

8. DATA SECURITY

We implement appropriate technical and organizational security measures to protect your personal information, including encryption in transit (TLS/SSL), access controls, two-factor authentication for Accounts, and regular security monitoring. However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security. Transmission of personal information to and from the Site is at your own risk.

9. CHILDREN’S PRIVACY

The Site and Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected information from a child under 18, we will deactivate the Account and take reasonable measures to promptly delete such data. If you believe we have collected data from a child under 18, please contact us at [email protected].

10. YOUR PRIVACY RIGHTS

10.1 General Rights

Depending on your location, you may have the following rights regarding your personal information:

1. Right of Access: request a copy of the personal information we hold about you.
2. Right to Rectification: request correction of inaccurate or incomplete information.
3. Right to Erasure: request deletion of your personal information, subject to legal obligations and legitimate business needs.
4. Right to Restrict Processing: request that we limit how we process your data in certain circumstances.
5. Right to Data Portability: request a copy of your data in a structured, commonly used, machine-readable format.
6. Right to Object: object to processing based on legitimate interests.
7. Right to Withdraw Consent: where processing is based on consent, withdraw at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.

10.2 Account Management

You may review and update your Account information at any time by logging into my.reg.ly. To terminate your Account, contact [email protected]. Upon termination, we will deactivate your Account and delete your information from active databases, subject to retention obligations described in Section 7.

10.3 Opting Out of Communications

We send only transactional and service-related communications (invoices, renewal reminders, security notices, terms updates). These are necessary for the administration of your Account and cannot be opted out of while your Account is active. We do not send marketing emails or newsletters.

10.4 Cookie Preferences

You may manage cookie preferences through your browser settings as described in Section 5.3.

11. DO-NOT-TRACK SIGNALS

There is no uniform technology standard for recognizing Do-Not-Track (DNT) browser signals. We do not currently respond to DNT signals. If a standard is adopted that we must follow, we will update this Privacy Policy accordingly.

12. REGION-SPECIFIC PRIVACY RIGHTS

12.1 European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR, including the rights described in Section 10.1. You also have the right to lodge a complaint with your local data protection supervisory authority:

1. EEA: https://edpb.europa.eu/about-edpb/about-edpb/members_en
2. UK: https://ico.org.uk/make-a-complaint/
3. Switzerland: https://www.edoeb.admin.ch/edoeb/en/home.html

12.2 California Residents (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

Categories of Personal Information Collected:

Your CCPA/CPRA rights include:

1. Right to Know: what personal information we collect, use, disclose, and sell.
2. Right to Delete: request deletion of your personal information, subject to exceptions.
3. Right to Correct: request correction of inaccurate personal information.
4. Right to Opt-Out of Sale or Sharing: we do NOT sell or share your personal information for cross-context behavioral advertising.
5. Right to Limit Use of Sensitive Personal Information: we do NOT collect sensitive personal information as defined by CPRA.
6. Right to Non-Discrimination: we will not discriminate against you for exercising your rights.

To exercise your rights, contact [email protected]. We will verify your identity and respond within 45 days (extendable by 45 days with notice). You may designate an authorized agent to make requests on your behalf; agents must provide proof of authorization.

We have not sold or shared personal information in the preceding 12 months, and we will not do so.

12.3 Canadian Residents (PIPEDA)

If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including the right to access, correct, and withdraw consent for the collection and use of your personal information. To exercise your rights, contact [email protected]. We will respond within 30 days.

13. WHOIS DATA DISCLOSURE

As an accredited registrar under NIC.LY, we are required to submit Registrant Data to the NIC.LY registry for every domain registered through our Services. This data includes your name, organization (if any), address, email address, and phone number.

13.1 WHOIS Publication

Registrant Data may be published in the publicly accessible WHOIS database maintained by NIC.LY. By registering a domain, you expressly consent to the submission of your Registrant Data to the Registry as required by NIC.LY regulations. We have no control over NIC.LY’s WHOIS publication policies and are not responsible for any third-party access to or use of publicly available WHOIS data.

13.2 GDPR WHOIS Privacy Redaction

For registrants located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we automatically apply WHOIS privacy redaction in compliance with the General Data Protection Regulation (GDPR). This means that personal contact details (such as registrant name, address, phone number, and email) are redacted from the publicly accessible WHOIS output and replaced with privacy-protected placeholder information. The underlying Registrant Data is still submitted to and held by the NIC.LY registry, but is not publicly displayed in the WHOIS database for these registrants.

13.3 WHOIS Privacy for Non-GDPR Countries

As of the effective date of this Privacy Policy, WHOIS privacy or proxy services are not available for registrants located outside of GDPR-protected jurisdictions. This means that if you are located outside the EEA, UK, or Switzerland, your Registrant Data (name, organization, address, email, phone) will be publicly visible in the NIC.LY WHOIS database. This is a requirement of the NIC.LY registry and is outside our control. We do not offer third-party WHOIS privacy or proxy registration services. If NIC.LY’s policies change in the future to permit broader WHOIS privacy options, we will update this section accordingly.

13.4 WHOIS Data Accuracy

You are required to provide accurate and current Registrant Data at all times. Providing false or inaccurate WHOIS data may result in suspension or cancellation of your domain by the Registry or by us, as described in our Terms and Conditions.

14. THIRD-PARTY LINKS AND SERVICES

The Site may contain links to third-party websites. We are not responsible for the privacy practices or content of any third-party website. We encourage you to review the privacy policy of every site you visit.

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. The updated version will be indicated by the “Effective Date” at the top of this page. If we make material changes, we may notify you by posting a notice on the Site or sending an email. Your continued use of the Site or Services after the updated Privacy Policy becomes effective constitutes your acceptance of the changes.

16. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Company: NetPro Ltd., trading as reg.ly / REGLY

Email: [email protected]

Website: https://reg.ly

We will respond to all privacy-related inquiries within 30 days.

END OF PRIVACY POLICY