Privacy Policy

Anayil (hereinafter referred to as "the Company," "we," "us," or "our"), with its principal office at Miami, FL 33131, United States, operates the websites anayil.com, hostinganayil.com, and anayil.com, and provides web hosting, domain registration, SSL certificates, web design, and related digital infrastructure services.

This Privacy Policy applies to all individuals who visit our websites, use our services, or otherwise interact with us, whether as clients, prospective clients, website visitors, or business partners. It describes the types of personal information we collect, the purposes for which we collect and use that information, the measures we take to protect it, and the rights you have regarding your personal data.

We comply with applicable data protection laws and regulations, including but not limited to the General Data Protection Regulation (GDPR) for European Union residents, the California Consumer Privacy Act (CCPA) for California residents, the Lei Geral de Protecao de Dados (LGPD) for Brazilian residents, and other applicable privacy laws in the jurisdictions where we operate.

We collect several categories of personal information through various methods when you interact with our services:

1. Information You Provide Directly:

• Account Registration Data: Full name, email address, physical address, phone number, company name, and billing information when you create an account.
• Payment Information: Credit card numbers, bank account details, and other payment method information processed through our secure payment gateways. We do not store full credit card numbers on our servers.
• Domain Registration Data: Domain owner contact information (registrant, administrative, technical, and billing contacts) as required by ICANN for domain registration.
• Support Communications: Information provided when you submit support tickets, contact our helpdesk, or communicate with our team via email, chat, or phone.
• Website Content: Files, databases, emails, and other content you store on our servers as part of your hosting service.

2. Information Collected Automatically:

• Log Data: IP address, browser type, operating system, referring URL, pages accessed, access dates and times, and server log information.
• Device Information: Device type, unique device identifiers, screen resolution, and language preferences.
• Usage Data: Features used, actions taken, time spent on pages, click patterns, and navigation paths through our services.

3. Information from Third Parties:

• Payment Processors: Transaction confirmation and fraud detection data from our payment processing partners.
• Domain Registries: WHOIS data and domain status information from ICANN-accredited registrars.
• Analytics Providers: Aggregated and anonymized usage statistics from third-party analytics services.

We use the personal information we collect for the following legitimate business purposes:

Service Delivery: To provide, maintain, improve, and personalize our services, including domain registration, hosting provisioning, SSL certificate issuance, and website design services. This includes setting up and managing your accounts, processing transactions, sending service-related notifications, and providing technical support.

Communication: To respond to your inquiries, provide customer support, send service updates, security alerts, and administrative messages. We may also send marketing communications regarding our products, services, and promotional offers, but only with your prior consent or where we have a legitimate interest to do so. You may opt out of marketing communications at any time.

Security and Fraud Prevention: To detect, prevent, and address fraud, unauthorized transactions, abuse, security breaches, and other potentially illegal activities. We may use automated systems and algorithms to identify suspicious patterns and protect our services and clients from harm.

Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests, including responding to subpoenas, court orders, or other lawful requests from public authorities. This includes ICANN-mandated WHOIS data publication for domain registrations.

Business Operations: To analyze and improve our services, conduct research and analytics, develop new features, monitor usage trends, and measure the effectiveness of our marketing campaigns. All analytics are conducted on aggregated, anonymized data where possible.

We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

Technical Measures:

• Encryption: All data transmissions between your browser and our servers are encrypted using TLS 1.3 or higher. Sensitive data at rest is encrypted using AES-256 encryption.
• Access Controls: Role-based access controls (RBAC) restrict employee access to personal data on a strict need-to-know basis. All access is logged and audited.
• Firewall and IDS: Enterprise-grade firewalls and Intrusion Detection Systems (IDS) monitor and protect our network infrastructure 24/7.
• DDoS Protection: Advanced Distributed Denial of Service (DDoS) mitigation to ensure service availability and protect against volumetric attacks.
• Regular Security Audits: Third-party penetration testing and vulnerability assessments conducted quarterly.
• Secure Development: Secure coding practices and regular code reviews to prevent common vulnerabilities (OWASP Top 10).

Organizational Measures:

• Employee Training: Mandatory data protection and security awareness training for all employees, updated annually.
• Data Minimization: We collect only the personal data necessary for the specified purposes and retain it only for as long as needed.
• Incident Response: Documented incident response plan with defined escalation procedures and breach notification processes compliant with GDPR 72-hour notification requirements.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your personal information only in the following limited circumstances:

Service Providers: We share personal data with trusted third-party service providers who perform services on our behalf, such as payment processing, domain registration, email delivery, analytics, cloud infrastructure, and customer support. These providers are contractually bound to process your data only as instructed by us and in compliance with applicable data protection laws.

Domain Registries and ICANN: As required by ICANN regulations, we must provide registrant contact information to domain registries and make certain WHOIS data available. Under the GDPR and applicable privacy laws, we offer WHOIS privacy protection services to mask personal contact information in public WHOIS lookups.

Legal Requirements: We may disclose personal information when required to do so by law, in response to valid legal process (such as a subpoena, court order, or government request), to establish or exercise our legal rights, to defend against legal claims, or to protect the rights, property, or safety of our company, our clients, or the public.

Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity. We will notify you via email of any such transfer and your choices regarding your information.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Right of Access: You have the right to request a copy of the personal data we hold about you and information about how we process it. You can access much of your account data directly through our client portal.

Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data we hold about you. You can update most of your account information directly through our client portal.

Right to Erasure: You have the right to request the deletion of your personal data, subject to certain exceptions (such as legal obligations, legitimate interests, or contractual requirements). Upon account termination, we will delete your personal data within 90 days, except where retention is required by law.

Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit that data to another service provider without hindrance.

Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes. If you object, we will cease processing your data for those purposes unless we have compelling legitimate grounds.

Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

To exercise any of these rights, please contact our Data Protection Officer at privacy@anayil.com. We will respond to your request within 30 days, or within the timeframe required by applicable law. We may request verification of your identity before processing your request.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law, regulation, or contractual obligation. Our general retention periods are as follows:

• Account Data: Retained for the duration of your active account and for 3 years following account closure for billing, legal, and dispute resolution purposes.
• Billing and Transaction Records: Retained for 7 years as required by tax and financial regulations in the United States.
• Domain Registration Data: Retained for the duration of the domain registration period plus 2 years, as required by ICANN policies.
• Support Ticket Records: Retained for 2 years following ticket closure for quality assurance and dispute resolution.
• Server Logs: Retained for 90 days for security and troubleshooting purposes, then permanently deleted.
• Marketing Communications Data: Retained until you withdraw your consent or opt out of communications.
• Website Backups: Retained for 30 days following account termination, then permanently deleted.

When the applicable retention period expires, we will securely delete or anonymize your personal data in accordance with our data destruction procedures. Anonymized data that can no longer be associated with an identifiable individual may be retained indefinitely for statistical and research purposes.

We use cookies and similar tracking technologies to enhance your experience on our website, analyze usage patterns, and deliver personalized content. Cookies are small text files stored on your device when you visit our website.

We use the following categories of cookies:

• Strictly Necessary Cookies: Required for the basic functionality of our website, such as session management, security features, and load balancing. These cookies cannot be disabled.
• Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous statistical data. We use these cookies to improve our website performance and user experience.
• Functionality Cookies: Remember your preferences, language settings, and other customization choices to provide a more personalized experience.
• Marketing and Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns across different channels.

For detailed information about the specific cookies we use, their purposes, and how to manage your cookie preferences, please refer to our Cookie Policy.

Our Services are not directed to individuals under the age of 18. We do not knowingly collect, use, or disclose personal information from children under 18 years of age. If you are a parent or guardian and become aware that your child has provided us with personal information without your consent, please contact us at privacy@anayil.com.

If we discover that we have collected personal information from a child under 18 without verification of parental consent, we will take immediate steps to delete that information from our servers and records. We will also take appropriate measures to prevent future collection of personal information from minors.

We encourage parents and guardians to monitor their children's online activities and to teach them about safe internet practices. If you have any concerns about how we handle information related to minors, please do not hesitate to contact our Data Protection Officer.

If you have any questions, concerns, or complaints regarding this Privacy Policy or our data protection practices, you may contact us through any of the following methods:

• Data Protection Officer Email: privacy@anayil.com
• General Inquiries: info@anayil.com
• Phone: +1 305 767 3936
• Mailing Address: Anayil, Miami, FL 33131, United States

If you are a resident of the European Union, you also have the right to lodge a complaint with your local supervisory authority for data protection. A list of EU Data Protection Authorities is available at the European Data Protection Board website.

California residents may also contact the California Privacy Protection Agency (CPPA) or the California Attorney General if they believe their rights under the CCPA have been violated.

We take all complaints seriously and will make every reasonable effort to resolve your concerns promptly and fairly. We will acknowledge receipt of your complaint within 5 business days and provide a substantive response within 30 business days.