Epik

Epik is an ICANN-accredited domain registrar and web hosting company that was founded in 2009 by Rob Monster.

This page is not published. While you can access it via its direct link, it is not yet displayed on the website.

Transparency

Does the policy require users to be notified in case of a data breach? Yes, eventually

5/7

Decided May 18, 2020 (revision history). This question accounts for 8% of the final score.

Users will be notified in case of a data breach, but within an unspecified amount of time.

Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.

Possible Options

No: 0/7
Yes, eventually: 5/7
Yes, within 72 hours: 7/7
N/A (the service collects so little personal data that notification would not be possible): 7/7

Citation

Email is also used to notify customers of important issues such as policy changes, outages, security breaches, price increases, and so forth.



Will affected users be notified when the policy is meaningfully changed? Yes

5/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

No: 0/5
Yes: 5/5
N/A (no personal data—or contact information—collected): 5/5

Citation

Email is also used to notify customers of important issues such as policy changes, outages, security breaches, price increases, and so forth.



Is the policy's history made available? No

0/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

No: 0/5
Only the date it was last modified: 3/5
Yes, with revisions or a change-log: 5/5

Note

There is no date or changelog.



Does the policy outline the service's general security practices? No

0/3

Decided May 18, 2020 (revision history). This question accounts for 4% of the final score.

Possible Options

No: 0/3
Somewhat: 1/3
Yes: 2/3
Yes, including audits: 2.5/3
N/A (no personal data collected): 3/3
Yes, including independent audits: 3/3

Note

There is no relevant information as to how Epik protects your data.



Collection

Is it clear why the service collects the personal data that it does? Yes

10/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

This question deals with transparency. Even if the service uses data for reasons that aren't ideal for privacy, provided they list all of those uses, the service can still receive full credit for this question. However, if they are not explicit about their uses (by employing language like "such as"), a lower score is assigned.

Possible Options

No: 0/10
Somewhat: 4/10
Mostly: 7/10
Yes: 10/10
No personal data is collected: 10/10

Citation

(1) Account Creation

When registering a domain name, ownership and contact details are required by ICANN and other TLD registry operators. These include first and last name, mailing address, phone number, and email address. Such details are used to identify the domain name's legal owner as well as to contact the administrator in the event of alleged abuse. Epik cannot process domain registrations without this basic information.

Although some TLDs (domain endings) require additional kinds of information beyond those data cited, for most TLDs these are sufficient. To minimize intrusiveness, Epik gathers only what we need for the most common TLDs. This core information is requested at the moment of account creation because, as a domain registrar, Epik anticipates that most customers will register or transfer a domain soon after creating an account. For a streamlined experience, our goal is to have customers fill out only one form.

Additionally, Epik relies on these details – especially name, email address, and phone number – to identify customers correctly when they contact Epik support. In cases where Epik must contact you about a problem, we rely on both email and phone, since either method alone may fail. Collecting your phone number also allows Epik to offer 2-factor authentication as an additional security option – safer than password protection alone.

As a global company, we also refer to state and country information to choose the right time of day to call. In rare cases, legal notices must be delivered by physical post to the address on file. Mailing address information is also used to assess eligibility for certain TLD registrations, which are sometimes limited to particular countries or even cities. This helps Epik show relevant TLDs to you via email or on our website. With more than 1000 TLDs in existence, we can improve the user experience by focusing on those with a connection to you based on language or location. Epik also uses geographical information to perform a statistical analysis of our customer base.

Epik sends automated renewal reminders via email to help customers avoid unintentional service interruptions, additional fees, or total loss of a domain name once it expires. Email is also used to notify customers of important issues such as policy changes, outages, security breaches, price increases, and so forth. Marketing emails may also be sent to customers who have opted to receive information about promotional prices, new Epik features, new TLDs, new services, domain industry news, and the like. Notably, domain transfers between Epik accounts or between Epik and another domain registrar cannot function properly without email notifications. That is true of all domain registrars. Your email address is also used to validate account ownership and to restore access in the event that a password is forgotten.

(2) Security

Your password is used to provide secure account access at Epik. Your user name is used to identify accounts in contexts where you don't wish to share your personal name or email address. For example, when moving a domain from someone else's account to yours, you may not wish to divulge personally identifying information. As a pseudonym tied to your account, the user name can be a useful substitute.

We refer to your account PIN # in the event that a password is forgotten and you cannot reset it through email. For customers who have lost email access but who can contact Epik by phone, chat or an alternative email address not on file, this is often a life saver. Those who have misplaced their PIN # or did not take note of it while logged into their account will be able to submit requested information such as a valid ID and selfie through our account with Validation.com. A link will be supplied to go to in order to submit the requested information for review.

(3) Payments

We gather payment details only for the limited purpose of processing payments from you to Epik or from Epik to you. Bank information is only recorded when processing wire transfers between Epik and customers who choose to pay or be paid in this way. Details are recorded for auditing purposes, in order to match Epik's registrar transactions with bank account records.

Full credit / debit card details are never stored by Epik's system during or after checkout. We simply transmit them to Epik's payment processor and also to a contracted fraud detection service. Heavily redacted representations of the credit card number do exist on the Epik system, showing only a few digits. These are used to differentiate between payment methods when researching transaction history. The redacted versions are also displayed to you inside your Epik account so that you can identify 1 card among many. Sending your credit card details to Epik by email or over the phone is highly discouraged.

Your Paypal address may be saved in order to offer a more streamlined checkout process at Epik. Additionally, if you choose to use Paypal for recurring payments to Epik, we need to associate the stored Paypal address with your Epik account. Epik cannot see your Paypal password. Sometimes Epik requests your Paypal address in order to issue you a refund or pay you.

Epik may store your credit / debit card's expiration date. We use this information to alert you when a card on file is about to expire. This is important to avoid payment failures associated with auto-renewal, monthly hosting, or monthly domain Rental / Purchase plans. Since the consequences of missed payments can be severe and stressful, Epik hopes to prevent headaches for its customers by warning them in advance. This also minimizes the number of renewal reminders we would otherwise send to customers. That means less email clutter.

(4) Additional Authorization

Some TLD registries require additional information before a domain name can be registered. For example, to use .CN or even .COM inside China, the Chinese government requires a scanned copy of government-issued ID. Likewise, Australia requires an ABN (Australian Business Number) or even a trademark number in order to process .AU registrations. Epik does not collect this information from you unless we need it to process a domain registration that you have ordered.

In rare cases, Epik must investigate suspicious activity, including credit card theft. Or you may find yourself completely locked out of your Epik account, if you have lost email access and cannot remember any of your security credentials. Under those unusual circumstances, Epik may ask some customers to voluntarily submit a copy of government-issued ID in order to prove their identity. This is strictly voluntary, and it is meant to protect customers and non-customers from fraud. Some European customers volunteer their VAT number for purposes of invoicing.

(5) Support Inquiries

In the context of support tickets, Epik relies on your first and last name, email address, and account PIN number in several ways: to validate your identity, locate your account quickly, search for your ticket within our system, and reply to you. This information is preserved indefinitely along with the messages themselves. We use it to train support staff, document abuse allegations, identify and fix glitches, and research customer history in order to help you in the future.

(6) Domain Inquiries

When someone has questions about a domain name, wishes to buy it, or wishes to complain about trademark infringement, they will often attempt to contact Epik or the domain owner. This can occur at various points on the Epik platform, including our whois lookup portal (whois.epik.com), via Epik support channels, through a parked domain page, or through a listing created by you in the Epik marketplace.

When the person is attempting to contact the domain owner, we pass their details and message along to that owner. At the same time, Epik maintains an internal copy of the information. This includes all pertinent information: first and last name, phone number, email address, offer amount (if applicable), and message text. Storing a backup copy allows Epik to forward the message to the domain owner when the first email delivery failed for some reason. Epik may also use this data to build an internal messaging system, which allows customers to track their domain inquiries more efficiently. Epik also analyzes this data to measure and improve marketplace performance for the benefit of our customers. Also, if the person who contacted a domain owner later chooses to request help from Epik, then Epik may refer to the relevant messages.

(7) Online Interactions

Epik uses data related to your IP address to make our website more relevant. For example, we may try to show the local currency or language. Your IP address is also a factor in assessing the risk of credit card fraud, since stolen cards are often used by criminals in remote overseas locations.

Like most websites, Epik tracks page views and links clicked in order to measure the effectiveness of our email campaigns and website interface. This automatic feedback is crucial for online companies to improve the user experience – making it easier for customers to find what they're looking for, eliminating unused features that clutter a website, delivering more relevant messages, and minimizing the number of unwanted emails we deliver.

We also use page views in Epik's support channel so that our agents can know, in real time, which page you are viewing (and which is perhaps giving you difficulty). Most importantly, Epik tracks changes made by the user inside their Epik account in order to troubleshoot errors, reverse accidental changes, and defeat hackers.

Epik uses "cookies", which are small files transferred to your browser. Cookies allow us to provide a seamless user experience. For example, they let you stay logged in. They also help us display the appropriate language and currency for you. Epik may use cookies to track the way customers move throughout the website and interact with ad campaigns or email messages. This helps us improve the website layout. Cookies are also used to process coupon codes, which save you money.

If you believe Epik is using your personal information in some way not described above, please contact us. Our goal is complete transparency. If anything has been left out, that omission is accidental and will be corrected promptly once you let us know.



Does the policy list the personal data it collects? Yes, generally

7/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

All general categories of collected personal data are listed, though not all types of personal data are explicitly mentioned (for example, the list might use a phrase like 'such as' when listing types of personal data).

Possible Options

No: 0/10
Only summarily: 3/10
Yes, generally: 7/10
Yes, exhaustively: 10/10
N/A (no personal information is collected): 10/10

Citation

(1) Account Creation

When you create an Epik account, we collect the following information from you:

  • First and Last Name
  • Email Address
  • Postal Address
  • Phone Number

(2) Security

Additionally, Epik asks new customers to select or create the following:

  • User Name
  • Password

(3) Payments

When processing payments by you to Epik or disbursing funds from Epik to you, we naturally collect information about the payment method used:

  • Credit / Debit Card
  • Paypal
  • Bitcoin
  • Bank Account (for Wire Transfers)

(4) Additional Authorization

In rare cases, Epik may request further information on a strictly voluntary basis:

  • Citizenship information
  • Scanned copies of government-issued ID
  • VAT Number

(5) Support Inquiries

If you contact Epik customer support, our system will log pertinent information, which may include:

  • First and Last Name
  • Email Address
  • Account PIN Number
  • Message text

(6) Domain Inquiries

When someone inquires about a domain name that is registered at Epik, that person may be addressing the owner, or Epik, or (due to confusion) someone else. Such communications pass through Epik's system, and we keep a record:

  • First and Last Name
  • Phone Number
  • Email Address
  • Offer Amount (if any)
  • Message Text

(7) Online Interactions

When you visit the Epik platform – including any of our websites, apps, or support channels – or interact with an email message sent by us, Epik may log pertinent data:

  • IP Address
  • Online Actions (pages viewed, links clicked, settings altered)

Note: Epik does not track your online behavior except as it relates to the Epik platform.

If you believe some personal information gathered by Epik has been omitted from the list above, please notify us so that we can add a clear explanation. Our goal is complete transparency.



Does the service collect personal data from third parties? No

10/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

This includes the use of data brokers and independent verification authorities (such as background check providers).

Possible Options

Yes: 0/10
Only for critical data: 7/10
No: 10/10

Note

There is no mention of such in the policy.



Does the service allow the user to control whether personal data is used or collected for non-critical purposes? On an opt-in basis

5/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Non-critical use of personal data is not enabled by default.

Some services allow users to opt out of, or opt in to, non-critical collection or use of personal data, such as collecting data for personalized advertisements.

Possible Options

No: 0/5
On an opt-out basis, but only for some non-critical data/uses: 1.5/5
On an opt-out basis, for all non-critical data/uses: 3/5
N/A (no data used for non-critical purposes): 5/5
On an opt-in basis: 5/5

Citation

Marketing emails may also be sent to customers who have opted to receive information about promotional prices, new Epik features, new TLDs, new services, domain industry news, and the like.



Handling

Does the policy allow personally-targeted or behavioral marketing? No

10/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

Possible Options

Yes: 0/10
Yes, but you can opt-out: 3.5/10
Yes, but you must opt-in: 7/10
No: 10/10

Note

There is no mention of such in the policy.



Does the service allow third-party access to private personal data? Yes, not all parties specified (but only to critical service providers)

7/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).

Note that whether the policy allows sharing aggregated user data does not affect this question.

If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).

If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).

Possible Options

Yes, not all parties specified: 0/10
Yes, all parties specified (including non-critical service providers such as advertisers): 3/10
Yes, not all parties specified (but only to critical service providers): 7/10
Yes, all parties specified (only to critical service providers): 8/10
No: 10/10

Citation

Epik will only share your information with third parties as described in this document, or as authorized by you, or when doing so is truly necessary. In the last case, Epik will notify you promptly.

Registering a domain name causes your contact information to be instantly listed in the public whois database. Specifically, your first and last name, email address, phone number, and mailing address will appear on a variety of whois lookup portals. This ICANN requirement governs all domain registrars, not just Epik. Over the years, many third parties have scraped the public whois data, packaged, and resold it. Epik is not responsible for this unavoidable consequence of ICANN's longstanding policy, nor are most other registrars.

[...]

Epik may also be required to share these whois contact details with the registry that governs a particular TLD (domain ending). Policies in this regard differ. There are over 1000 TLDs, which imply numerous registries whose products (TLDs) are sold by registrars like Epik. When you register a domain name, you should assume that these details will be shared by Epik with the registry operator in question. This is based on the registrar-registry agreement Epik has signed with them, which is how we offer the TLD to you as a customer. Registries rarely act as registrars themselves. So it is normally necessary to register a domain through a registrar which, in turn, shares the data with a registry.

In some cases, Epik is a reseller, offering some TLD through another company, which is itself the registrar. This means Epik is 2 degrees removed from the registry. This practice is common for obscure country code TLDs, which may have complicated registration requirements. In these instances, Epik offers front-line customer support, relying on an upstream provider's local country credentials. This allows you to do business with Epik, consolidating your various TLDs with 1 company, rather than creating multiple accounts elsewhere. That means more efficiency and less scattered personal information. In order to function in this way, Epik must supply your whois contact details to the upstream registrar, which, in turn, supplies them to the TLD registry.

Epik is also required by ICANN to store backup information with a data escrow company such as Iron Mountain Digital. This protects you, as a customer, in the unlikely event that a registrar ceases operations. Relying on this securely stored data, another company could reconstruct transactions and continue seamless operation. When you purchase any product or service at Epik, we submit your billing information to the payment processor. Prior to doing so, we may submit such data to a fraud detection service, whose software scans the transaction and assesses the likelihood that a credit card is stolen. Nearly all e-commerce websites do likewise. It is safer to transmit this data to a reputable company that specializes in payment processing than it would be to store that data at Epik.

By purchasing an SSL certificate, you consent that all information provided as part of that certificate will be published online. In fact, that is the basis for SSL certificates. A third party must inspect that data in order for that certificate to be validated. Epik is a reseller of SSL certificates. As such, we share your information with the company that prepares the SSL for you. Likewise, if you purchase a trademark application through Epik, we will share your information with a contractor who processes the application.

Epik may share your login credentials as a "Single Sign-On" among the platforms controlled by us: Epik.com, MasterBucks.com, and Anonymize.com. This minimizes the collection of personal information and improves the user experience, since it allows you to log in to any or all platforms using common information. All of these platforms are maintained by Epik and share a common support staff. So the data is only "shared" in a nominal sense – from our left hand into our right hand.

Some domain names are listed for sale in Epik search results, though they may not be registered at Epik at the time. This occurs because Epik is part of a network of registrars and marketplaces that cross-list such inventory. In fact, Epik belongs to more than 1 such network. Cross-listing in this way helps you find more good domain name options wherever you may be searching. If you purchase a domain name that is listed at Epik in this way, then Epik may need to share some of your information with the company responsible for the domain listing. We only share the bare minimum required to deliver the domain to you once you have purchased it.

In general, Epik seeks to protect whistle blowers, who report misuse of domain names such as phishing. As a general rule, we attempt to investigate and resolve the matter without disclosing the identity or contact information of the person who lodged the complaint. However, in some cases, Epik may choose to share your identity and contact information with the customer against whom you've complained. This may be done in order for all parties to resolve the matter more efficiently.

If you post comments on a public forum or blog managed by Epik, then any personal details you publish there can be read or compiled by persons, companies, or bots. The same applies to content you publish through website templates or website building programs that you may purchase through us. Epik cannot prevent such external actors from repurposing your messages and personal details nor from sending you unsolicited messages if you choose to expose your personal details in a way that allows them to do so. Epik will never obligate you to publish comments in public. Nor will Epik require you to disclose your identity or contact information merely to post a comment in public, assuming you wish to do so.

Of course, when Epik is legally obligated to share your personal details with a third party, then we must do so. This might occur due to a UDRP proceeding, as stipulated by ICANN. Similar mechanisms for resolving trademark disputes exist for various ccTLD registries. Divulging your private details may also be required in order to comply with a court order in civil litigation or to assist law enforcement. Whenever Epik is forced to divulge your personal information, we will make an effort to notify you promptly regarding what personal details have been shared, with whom, and why.



Does the service allow you to permanently delete your personal data? Yes, by contacting someone

3/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.

Possible Options

No: 0/5
Yes, by contacting someone: 3/5
Yes, using an automated mechanism: 5/5
N/A (no personal information collected): 5/5

Citation

If you are an EU citizen, then beginning May 25, 2018, you have detailed privacy rights governed by the European Union's General Data Protection Regulation (GDPR). Specifically, you have the right to:

(1) Access (GDPR 15)
(2) Rectification (GDPR 16)
(3) Erasure (GDPR 17)
(4) Restriction (GDPR 18)
(5) Portability (GDPR 20)
(6) Objection (GDPR 21)

Note

EU citizens can exercise GDPR 17 and delete their account. Non-EU citizens are not informed of their rights to erasure.



When does the policy allow law enforcement access to personal data? Only when required by a court order or subpoena

4/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

Always: 0/5
Not specified: 0/5
When reasonably requested: 3/5
Only when required by a court order or subpoena: 4/5
N/A (no personal data to share): 5/5
Never (special legal jurisdiction): 5/5

Citation

Of course, when Epik is legally obligated to share your personal details with a third party, then we must do so. This might occur due to a UDRP proceeding, as stipulated by ICANN. Similar mechanisms for resolving trademark disputes exist for various ccTLD registries. Divulging your private details may also be required in order to comply with a court order in civil litigation or to assist law enforcement. Whenever Epik is forced to divulge your personal information, we will make an effort to notify you promptly regarding what personal details have been shared, with whom, and why.




Warnings

Epik has no warnings published on PrivacySpy. PrivacySpy publishes warnings when it learns a service has announced a data breach or is found misusing user data. If you believe a warning should be published for Epik, submit one here.


Highlighted Policy Snapshot ALPHA

No highlighted policy snapshot has been created for this privacy policy. To view the policy at its original location, click here.

Rating: 7.8/10

Version Added: May 18, 2020

Ratings Updated: May 18, 2020

Warnings: 0

Maintained by: doamatto