Epik Holdings, Inc. (Epik) operates PetitionBook.com.
(1) Account Creation
When you create an Epik account, we collect the following information from you:
- First and Last Name
- Email Address
Additionally, Epik asks new customers to select or create the following:
- User Name
When processing payments by you to Epik or disbursing funds from Epik to you, we naturally collect information about the payment method used:
- Credit / Debit Card
- Bank Account (for Wire Transfers)
(4) Additional Authorization
In rare cases, Epik may request further information on a strictly voluntary basis:
- Citizenship information
- Scanned copies of government-issued ID
- VAT Number
(5) Support Inquiries
If you contact Epik customer support, our system will log pertinent information, which may include:
- Fist and Last Name
- Email Address
- Account PIN Number
- Message text
(6) Online Interactions
When you visit the Epik platform – including any of our websites, apps, or support channels – or interact with an email message sent by us, Epik may log pertinent data:
- IP Address
- Online Actions (pages viewed, links clicked, settings altered)
Note: Epik does not track your online behavior except as it relates to the Epik platform.
If you believe some personal information gathered by Epik has been omitted from the list above, please notify us so that we can add a clear explanation. Our goal is complete transparency.
This description mirrors the numbering used in the previous section.
(1) Account Creation
When registering a domain name, ownership and contact details are required by ICANN and other TLD registry operators. These include first and last name, mailing address, phone number, and email address. Such details are used to identify the domain name's legal owner as well as to contact the administrator in the event of alleged abuse. Epik cannot process domain registrations without this basic information.
Although some TLDs (domain endings) require additional kinds of information beyond those data cited, for most TLDs these are sufficient. To minimize intrusiveness, Epik gathers only what we need for the most common TLDs. This core information is requested at the moment of account creation because, as a domain registrar, Epik anticipates that most customers will register or transfer a domain soon after creating an account. For a streamlined experience, our goal is to have customers fill out only one form.
Additionally, Epik relies on these details – especially name, email address, and phone number – to identify customers correctly when they contact Epik support. In cases where Epik must contact you about a problem, we rely on both email and phone, since either method alone may fail. Collecting your phone number also allows Epik to offer 2-factor authentication as an additional security option – safer than password protection alone.
As a global company, we also refer to state and country information to choose the right time of day to call. In rare cases, legal notices must be delivered by physical post to the address on file. Mailing address information is also used to assess eligibility for certain TLD registrations, which are sometimes limited to particular countries or even cities. This helps Epik show relevant TLDs to you via email or on our website. With more than 1000 TLDs in existence, we can improve the user experience by focusing on those with a connection to you based on language or location. Epik also uses geographical information to perform a statistical analysis of our customer base.
Epik sends automated renewal reminders via email to help customers avoid unintentional service interruptions, additional fees, or total loss of a domain name once it expires. Email is also used to notify customers of important issues such as policy changes, outages, security breaches, price increases, and so forth. Marketing emails may also be sent to customers who have opted to receive information about promotional prices, new Epik features, new TLDs, new services, domain industry news, and the like. Notably, domain transfers between Epik accounts or between Epik and another domain registrar cannot function properly without email notifications. That is true of all domain registrars. Your email address is also used to validate account ownership and to restore access in the event that a password is forgotten.
Your password is used to provide secure account access at Epik. Your user name is used to identify accounts in contexts where you don't wish to share your personal name or email address. For example, when moving a domain from someone else's account to yours, you may not wish to divulge personally identifying information. As a pseudonym tied to your account, the user name can be a useful substitute.
We refer to your account PIN # in the event that a password is forgotten and you cannot reset it through email. For customers who have lost email access but who can contact Epik by phone, chat or an alternative email address not on file, this is often a life saver. For those who have misplaced their PIN # or did not take note of it while logged into their account, will be able to submit requested information such as a valid ID and selfie through our account with Validation.com. A link will be supplied to go to in order to submit the requested information for review.
We gather payment details only for the limited purpose of processing payments from you to Epik or from Epik to you. Bank information is only recorded when processing wire transfers between Epik and customers who choose to pay or be paid in this way. Details are recorded for auditing purposes, in order to match Epik's registrar transactions with bank account records.
Full credit / debit card details are never stored by Epik's system during or after checkout. We simply transmit them to Epik's payment processor and also to a contracted fraud detection service. Heavily redacted representations of the credit card number do exist on the Epik system, showing only a few digits. These are used to differentiate between payment methods when researching transaction history. The redacted versions are also displayed to you inside your Epik account so that you can identify 1 card among many. Sending your credit card details to Epik by email or over the phone is highly discouraged.
Your Paypal address may be saved in order to offer a more streamlined checkout process at Epik. Additionally, if you choose to use Paypal for recurring payments to Epik, we need to associate the stored Paypal address with your Epik account. Epik cannot see your Paypal password. Sometimes Epik requests your Paypal address in order to issue you a refund or pay you.
Epik may store your credit / debit card's expiration date. We use this information to alert you when a card on file is about to expire. This is important to avoid payment failures associated with auto-renewal, monthly hosting, or monthly domain Rental / Purchase plans. Since the consequences of missed payments can be severe and stressful, Epik hopes to prevent headaches for its customers by warning them in advance. This also minimizes the number of renewal reminders we would otherwise send to customers. That means less email clutter.
(4) Additional Authorization
Some TLD registries require additional information before a domain name can be registered. For example, to use .CN or even .COM inside China, the Chinese government requires a scanned copy of government-issued ID. Likewise, Australia requires an ABN (Australian Business Number) or even a trademark number in order to process .AU registrations. Epik does not collect this information from you unless we need it to process a domain registration that you have ordered.
In rare cases, Epik must investigate suspicious activity, including credit card theft. Or you may find yourself completely locked out of your Epik account, if you have lost email access and cannot remember any of your security credentials. Under those unusual circumstances, Epik may ask some customers to voluntarily submit a copy of government-issued ID in order to prove their identity. This is strictly voluntary, and it is meant to protect customers and non-customers from fraud. Some European customers volunteer their VAT number for purposes of invoicing.
(5) Support Inquiries
In the context of support tickets, Epik relies on your first and last name, email address, and account PIN number in several ways: to validate your identity, locate your account quickly, search for your ticket within our system, and reply to you. This information is preserved indefinitely along with the messages themselves. We use it to train support staff, document abuse allegations, identify and fix glitches, and research customer history in order to help you in the future.
(6) Online Interactions
Epik uses data related to your IP address to make our website more relevant. For example, we may try to show the local currency or language. Your IP address is also a factor in assessing the risk of credit card fraud, since stolen cards are often used by criminals in remote overseas locations.
Like most websites, Epik tracks page views and links clicked in order to measure the effectiveness of our email campaigns and website interface. This automatic feedback is crucial for online companies to improve the user experience – making it easier for customers to find what they're looking for, eliminating unused features that clutter a website, delivering more relevant messages, and minimizing the number of unwanted emails we deliver.
We also use page views in Epik's support channel so that our agents can know, in real time, which page you are viewing (and which is perhaps giving you difficulty). Most importantly, Epik tracks changes made by the user inside their Epik account in order to troubleshoot errors, reverse accidental changes, and defeat hackers.
If you believe Epik is using your personal information in some way not described above, please contact us. Our goal is complete transparency. If anything has been left out, that omission is accidental and will be corrected promptly once you let us know.
Epik will only share your information with third parties as described in this document, or as authorized by you, or when doing so is truly necessary. In the last case, Epik will notify you promptly.
Registering a domain name causes your contact information to be instantly listed in the public whois database. Specifically, your first and last name, email address, phone number, and mailing address will appear on a variety of whois lookup portals. This ICANN requirement governs all domain registrars, not just Epik. Over the years, many third parties have scraped the public whois data, packaged, and resold it. Epik is not responsible for this unavoidable consequence of ICANN's longstanding policy, nor are most other registrars.
Epik has always offered a whois privacy service called "Anonymize", which masks your identity and contact details in whois, preserving your anonymity while allowing email messages to be forwarded through an intermediary address. Whereas most registrars charge $10 - $20 per year per domain for similar whois privacy services, Anonymize at Epik has always been completely free of charge.
All customers can turn on Anonymize privacy for some or all of their Epik domains at any time. Although a few TLDs are incompatible with such privacy, most do permit it. Prior to May 25, 2018, Anonymize was offered as an opt-in service – meaning you had to click to turn it on. Now that the European General Data Protection Regulation is in effect, Anonymize will be enabled by default for all EU citizens. This has been applied retroactively for prior registrations as of May 25, 2018, though domains belonging non-EU citizens retain their pre-existing Anonymize settings, whether on or off. If you are an EU citizen and wish your whois contact information to be displayed without masking, then you can opt into such transparency at Epik. All domains newly arriving in Epik accounts after May 25, 2018, will have Anonymize enabled by default. If you're a non-EU citizen, that applies to you too; but you can always turn privacy OFF for some or all of your domains.
Epik may also be required to share these whois contact details with the registry that governs a particular TLD (domain ending). Policies in this regard differ. There are over 1000 TLDs, which imply numerous registries whose products (TLDs) are sold by registrars like Epik. When you register a domain name, you should assume that these details will be shared by Epik with the registry operator in question. This is based on the registrar-registry agreement Epik has signed with them, which is how we offer the TLD to you as a customer. Registries rarely act as registrars themselves. So it is normally necessary to register a domain through a registrar which, in turn, shares the data with a registry.
In some cases, Epik is a reseller, offering some TLD through another company, which is itself the registrar. This means Epik is 2 degrees removed from the registry. This practice is common for obscure country code TLDs, which may have complicated registration requirements. In these instances, Epik offers front-line customer support, relying on an upstream provider's local country credentials. This allows you to do business with Epik, consolidating your various TLDs with 1 company, rather than creating multiple accounts elsewhere. That means more efficiency and less scattered personal information. In order to function in this way, Epik must supply your whois contact details to the upstream registrar, which, in turn, supplies them to the TLD registry.
Epik is also required by ICANN to store backup information with a data escrow company such as Iron Mountain Digital. This protects you, as a customer, in the unlikely event that a registrar ceases operations. Relying on this securely stored data, another company could reconstruct transactions and continue seamless operation. When you purchase any product or service at Epik, we submit your billing information to the payment processor. Prior to doing so, we may submit such data to a fraud detection service, whose software scans the transaction and assesses the likelihood that a credit card is stolen. Nearly all e-commerce websites do likewise. It is safer to transmit this data to a reputable company that specializes in payment processing than it would be to store that data at Epik.
By purchasing an SSL certificate, you consent that all information provided as part of that certificate will be published online. In fact, that is the basis for SSL certificates. A third party must inspect that data in order for that certificate to be validated. Epik is a reseller of SSL certificates. As such, we share your information with the company that prepares the SSL for you. Likewise, if you purchase a trademark application through Epik, we will share your information with a contractor who processes the application.
Epik may share your login credentials as a "Single Sign-On" among the platforms controlled by us: Epik.com, MasterBucks.com, and Anonymize.com. This minimizes the collection of personal information and improves the user experience, since it allows you to log in to any or all platforms using common information. All of these platforms are maintained by Epik and share a common support staff. So the data is only "shared" in a nominal sense – from our left hand into our right hand.
Some domain names are listed for sale in Epik search results, though they may not be registered at Epik at the time. This occurs because Epik is part of a network of registrars and marketplaces that cross-list such inventory. In fact, Epik belongs to more than 1 such network. Cross-listing in this way helps you find more good domain name options wherever you may be searching. If you purchase a domain name that is listed at Epik in this way, then Epik may need to share some of your information with the company responsible for the domain listing. We only share the bare minimum required to deliver the domain to you once you have purchased it.
In general, Epik seeks to protect whistle blowers, who report misuse of domain names such as phishing. As a general rule, we attempt to investigate and resolve the matter without dislcosing the identity or contact information of the person who lodged the complaint. However, in some cases, Epik may choose to share your identity and contact information with the customer against whom you've complained. This may be done in order for all parties to resolve the matter more efficiently.
If you post comments on a public forum or blog managed by Epik, then any personal details you publish there can be read or compiled by persons, companies, or bots. The same applies to content you publish through website templates or website building programs that you may purchase through us. Epik cannot prevent such external actors from repurposing your messages and personal details nor from sending you unsolicited messages if you choose to expose your personal details in a way that allows them to do so. Epik will never obligate you to publish comments in public. Nor will Epik require you to disclose your identity or contact information merely to post a comment in public, assuming you wish to do so.
Of course, when Epik is legally obligated to share your personal details with a third party, then we must do so. This might occur due to a UDRP proceeding, as stipulated by ICANN. Similar mechanisms for resolving trademark disputes exist for various ccTLD registries. Divulging your private details may also be required in order to comply with a court order in civil litigation or to assist law enforcement. Whenever Epik is forced to divulge your personal information, we will make an effort to notify you promptly regarding what personal details have been shared, with whom, and why.
At any time, you can request to know what personal information related to you – if any – Epik has stored or processed. For questions, please contact email@example.com. Please note that we will require you to prove your identity before divulging private information.
All customers can modify their preferences regarding email notifications. Epik gives you granular control over which emails you receive – and how frequently we send them. Settings can be found and modified within your Epik account at any time. Though, of course, we do include an "unsubscribe" link in the email itself, we recommend modifying your permissions within the account. Clicking "unsubscribe" can cause other kinds of email notifications to be blocked – not just those that resemble the message in question. Some notifications, such as renewal reminders, can be crucial. If a domain expires, you may lose ownership of it completely. For your own sake, please consider carefully which emails you wish to discontinue altogether. Or if you wish to avoid receiving all email, then perhaps consider setting your domains to auto-renew first, while ensuring that your card on file will not itself be expiring.
If you are an EU citizen, then beginning May 25, 2018, you have detailed privacy rights governed by the European Union's General Data Protection Regulation (GDPR). Specifically, you have the right to:
(1) Access (GDPR 15)
(2) Rectification (GDRP 16)
(3) Erasure (GDPR 17)
(4) Restriction (GDPR 18)
(5) Portability (GDPR 20)
(6) Objection (GDPR 21)
For more information, consult the GDPR regulation itself, referring to the article numbers cited above. If you believe Epik is not complying with the GDPR in some respect, please let us know. We will make every effort to abide by this new law.