~/sad/privacy

Privacy Policy

Steve Abraham Domains (“we”, “us”, “our”) is a trading name of Steve Abraham, sole trader, based at 14b Seafield Road, Inverness IV1 1SG.
Last updated: February 2026. This policy explains what personal data we collect, why we collect it, and how we handle it.

1. Data Controller

Steve Abraham is the data controller for the personal data processed through this service. You can contact us at .

2. What We Collect

Account information: name, email address, postal address, phone number.

Domain registration data: registrant name, organisation (if applicable), address, email address, phone number — as required by domain registries.

Payment data: card payments are processed by Stripe. We do not store your card details. Stripe’s privacy policy applies to the processing of your payment information.

Technical data: IP address, browser type, and pages visited — collected automatically when you use our website.

3. Legal Basis for Processing

Contract: to provide you with domain registration and related services you have requested.

Legal obligation: to comply with registry requirements, ICANN obligations, and applicable law.

Legitimate interest: to maintain the security of our services, prevent fraud, and improve our platform.

4. How We Use Your Data

We use your personal data to:

5. Who We Share Your Data With

Our upstream registrar (Realtime Register, based in the Netherlands) — to process domain registrations, renewals and transfers.

Domain registries — your registrant data is provided to the relevant registry as required to register your domain. Some registries publish registrant data in public WHOIS directories.

Payment processor (Stripe) — to process card payments.

Law enforcement or regulatory bodies — where we are required to do so by law.

We do not sell your personal data to third parties.

6. International Transfers

Your domain registration data may be transferred to registries outside the UK and EU. These transfers are necessary to perform the domain registration contract and are made in compliance with applicable data protection law.

7. Data Retention

We retain your account and domain registration data for as long as your account is active, and for a reasonable period afterwards to comply with legal obligations and resolve disputes.

Payment records are retained as required by UK tax law (currently six years).

8. Your Rights

Under UK GDPR you have the right to:

Note that some domain registrant data cannot be deleted while a domain is actively registered, as it is required by the relevant registry.

To exercise your rights, contact us at .

9. Cookies

We use essential cookies to operate the website (session management, authentication). We do not use advertising or tracking cookies.

10. Security

We use appropriate technical and organisational measures to protect your personal data, including encrypted connections (TLS), secure password storage, and access controls.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or through our website.

12. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.