Privacy Policy

1. Introduction

HOKONAME ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our domain leasing service.

We have designed our service with privacy in mind. We collect minimal personal information and do not require names, addresses, phone numbers, or government ID to use our service.

2. Information We Collect

2.1 Information You Provide

• Email address: Required for account creation, order confirmations, renewal reminders, and account change verifications
• Password: Stored securely using industry-standard hashing (bcrypt)
• Nameserver preferences: The DNS nameservers you configure for your domains
• Broker request details: If you use our broker service, we collect the domain name, your email, optional budget, and any message you provide

2.2 Payment Information

We do not store your full payment card details. All payment processing is handled by our payment processor (Stripe), which is PCI-DSS compliant. We only receive:

• Confirmation of successful payment
• A payment reference for our records
• Your Stripe customer ID (to manage your subscriptions)

2.3 Automatically Collected Information

When you visit our website, we may automatically collect:

• IP address (for security, rate limiting, and fraud prevention)
• Browser type and version
• Pages visited and time spent
• Referring website

2.4 Account Change Records

We maintain a log of certain account changes for security and administrative purposes, including:

• Email changes: Previous and new email addresses, timestamp, and whether the change was initiated by you or an administrator
• Password changes: Timestamp and whether the change was initiated by you or an administrator. If plain text password mode is enabled by the site operator, previous and new passwords may also be recorded

These records help us investigate unauthorised account access and assist with account recovery.

3. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Process your domain lease orders and subscription renewals
• Send order confirmations, renewal reminders, and account verification emails
• Verify email changes through dual magic-link confirmation
• Process domain push transfers between users
• Manage broker service requests
• Respond to your enquiries and support requests
• Prevent fraud, abuse, and unauthorised access
• Comply with legal obligations
• Improve our Service

4. Information Sharing

We do not sell, trade, or rent your personal information to third parties.

We may share information with:

• Payment processors: Stripe, for processing payments and managing subscriptions
• Domain registrars: Minimal information required to register domains on your behalf
• Email service providers: Your email address, for sending transactional emails (verification, renewal reminders, account change confirmations)
• Legal authorities: When required by law or to protect our rights

5. Domain Registration Privacy

Because HOKONAME is the legal registrant of all domains, your personal information does not appear in public WHOIS records. Our company information is listed instead, providing you with inherent privacy protection at no additional cost.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specific retention periods:

• Account data: Retained while your account is active. After account deletion, personal data is deleted or anonymised within 30 days
• Transaction and payment records: Retained for up to 7 years for legal and accounting purposes
• Account change logs: Retained for as long as your account is active, or as required for legal compliance
• Email change verification tokens: Automatically expire and are deleted after 24 hours
• Anonymised usage data: May be retained indefinitely for analytics

7. Data Security

We implement appropriate security measures to protect your information:

• Passwords are hashed using bcrypt with a secure cost factor
• All data transmission is encrypted using TLS/SSL
• Session tokens are cryptographically generated and validated on each request
• Account lockout is enforced after multiple failed login attempts
• Email changes require dual verification (both old and new email addresses)
• Access to personal data is restricted to authorised personnel
• Rate limiting is applied to prevent abuse of API endpoints

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Update your email address (via verified email change) or correct other inaccurate data
• Deletion: Request deletion of your personal data (subject to retention requirements)
• Portability: Request your data in a portable format
• Objection: Object to certain processing of your data

To exercise these rights, please contact us at [email protected].

9. Cookies

We use essential cookies to:

• Keep you signed in to your account (session authentication cookies)
• Maintain admin session state
• Ensure security of your session

We do not use tracking cookies, analytics cookies, or third-party advertising cookies. Our cookies are strictly functional and necessary for the Service to operate.

10. Third-Party Services

Our Service integrates with the following third-party services:

• Stripe: Payment processing. Subject to Stripe's Privacy Policy
• Google Fonts: Web font delivery. Subject to Google's Privacy Policy

We encourage you to review the privacy policies of these services.

11. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]