Privacy Policy

How we collect, use, protect, and retain personal data.

Last updated: April 17, 2026

PLEASE READ THIS PRIVACY POLICY CAREFULLY.

This Privacy Policy explains how Whois JSON API collects, uses, discloses, retains, and protects personal information when you use our website, APIs, dashboard, documentation, support channels, and related services (the "Services").

If you use the Services on behalf of an organization, this Privacy Policy applies to personal data we process as a controller. When we process personal data on behalf of a customer as a processor, our Data Processing Addendum applies.

Whois JSON API values privacy and limits personal data use to providing, securing, supporting, maintaining, and improving the Services, complying with law, enforcing our agreements, and preventing abuse. We do not sell customer personal data or use it for unrelated advertising purposes.

This Privacy Policy is designed to address privacy requirements that may apply under laws such as the GDPR, UK GDPR, and similar data protection laws.

1. SCOPE

This Privacy Policy applies to the collection, use, and disclosure of personal information by us through the Services. This Privacy Policy does not apply to any information not collected through the Services.

"Personal information" is information that can be associated with a specific person and could be used to identify that specific person, whether from that data alone or from that data combined with other information Whois JSON API has or is likely to have access to. We do not consider personal information to include information that has been anonymized or aggregated so that it can no longer identify a specific person.

2. COLLECTION

How We Collect

We may collect personal information from you when you use or access our Services, including but not limited to, when you sign up for the Services, when you send us personal information, or when you correspond with us in connection with your use of the Services.

What We Collect

The personal information we collect includes, but is not limited to, the following:

  • Identifying information such as your name, address, phone numbers, and e-mail address;
  • Device IDs or other unique identifiers;
  • Usage statistics, page views, referral URLs, your IP address, and web log information; and
  • Information collected via cookies and similar technologies.

3. USE, RETENTION, AND CORRECTIONS

How We Use Personal Information

We use personal information to provide, operate, secure, support, maintain, and improve the Services; create and manage accounts; process payments; respond to support requests; send service notices; prevent fraud, abuse, and security incidents; comply with law; and enforce our agreements.

We do not sell personal information. We do not use customer personal data for unrelated advertising purposes.

Legal Bases

Where GDPR or similar laws apply, our legal bases may include performance of a contract, legitimate interests in operating and securing the Services, compliance with legal obligations, consent where required, and protection of vital interests in rare emergency situations.

Duration of Retention

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain business records, comply with legal and tax obligations, resolve disputes, enforce agreements, prevent abuse, and maintain security.

Account and billing records are generally retained while an account is active and for a reasonable period afterward as required for tax, audit, dispute, and compliance purposes. Security, usage, and system logs are retained for limited periods based on operational and security needs. Support messages are retained as needed to provide support and maintain business records. When personal information is no longer needed, we delete, anonymize, or securely dispose of it.

Corrections

You may request correction of any personal information that is incorrect by contacting us at [email protected].

4. YOUR CHOICES

You May Decline to Provide Information

You may decline to submit personal information and may disable cookies in your browser. Some information is required to create an account, authenticate requests, process payments, provide support, secure the Services, or comply with law.

Effect of Declining to Provide Information

If you decline to provide required information, we may be unable to provide some or all of the Services.

You May Request Deletion of Personal Information

Depending on your location and applicable law, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information. You may also have the right to withdraw consent where processing is based on consent and to lodge a complaint with a data protection authority.

To exercise privacy rights, contact us at [email protected]. We may need to verify your identity before responding. If your request relates to personal data controlled by one of our customers, we may direct you to that customer.

No Sensitive Information

Do not submit sensitive personal information to the Services unless it is necessary for your lawful use case and you have a valid legal basis to do so.

5. LEVEL OF SECURITY

How Secure It Is

We use commercially reasonable technical and organizational measures designed to protect personal information, including HTTPS, access controls, limited internal access, monitoring, backups where appropriate, and administrative safeguards. More information is available on our Security & Trust page.

No system is completely secure. If we become aware of a security incident affecting personal information, we will investigate and provide notices required by applicable law.

6. DISCLOSURE

When We Disclose Personal Information

We may disclose personal information to service providers and subprocessors that help us provide the Services; to comply with law, legal process, or lawful government requests; to protect the rights, safety, security, and property of Whois JSON API, customers, users, or others; in connection with a merger, acquisition, financing, or sale of assets; and with your consent.

We do not disclose customer personal data to third parties for their independent advertising or marketing purposes.

Disclosure to Sub-Contractors and Agents

We use third-party providers to operate the Services. These providers are authorized to process personal information only as needed to provide contracted services to us and must protect that information under appropriate confidentiality and data protection commitments.

Subprocessor categories may include hosting and infrastructure providers, content delivery and DDoS protection providers, payment processors, email delivery providers, analytics providers, logging and monitoring providers, and customer support tools. Providers may include Cloudflare, DigitalOcean, Amazon Web Services, Stripe, and similar vendors where used to operate the Services.

7. INTERNATIONAL TRANSFERS

We may process and store personal information in countries other than the country where you are located. These countries may have data protection laws that differ from those in your jurisdiction.

Where GDPR, UK GDPR, or similar transfer rules apply, we use appropriate safeguards for international transfers, such as Standard Contractual Clauses, the UK International Data Transfer Addendum, adequacy decisions, or other lawful transfer mechanisms.

Data Processing Addendum

Customers that need processor terms for GDPR, UK GDPR, or similar laws may use our Data Processing Addendum. The DPA includes processor obligations, security measures, subprocessor terms, and transfer safeguards.

8. OTHER

Your Use of the Services

To the extent you use the Services to retrieve, receive, or process personal information, you are responsible for using that information in accordance with applicable law, your own privacy notices, and your agreements with your users.

Correcting Personal Information

You may request correction of personal information by contacting [email protected].

Changes

We may update this Privacy Policy from time to time. If changes materially affect how we process personal information, we will provide reasonable notice through the website, dashboard, email, or other appropriate means.

Your continued use of the Services after an updated Privacy Policy becomes effective means you acknowledge the updated policy.

Third-Parties

This Privacy Policy does not apply to third-party websites, applications, services, or data sources that are not controlled by Whois JSON API. Their privacy policies and practices apply to their processing.