Modusdom
Book a call
Domains
Find a domain ✦ ModusAI suggestions Transfer in
Email
What we set up Packages
More
Pricing Blog Help About Contact Sign in Book a call
Legal

Privacy Policy

Effective: June 2, 2026 · Version 1.0

Plain-English summary, not a substitute for the policy itself: We collect what's needed to register your domain, run your email, and bill you — nothing more. We never sell your data. We share it only with the partners required to deliver the service (Tucows/OpenSRS, Stripe, our hosting and chat providers). You can see, export, correct, or delete most of your data on request. California residents can opt out of "sharing." EU/UK residents can lodge complaints with their data-protection authority.

1. Introduction & Scope

This Privacy Policy describes how NY Screens Media LLC, operating as Modusdom ("Modusdom," "we," "us," "our"), collects, uses, discloses, and protects personal data when you visit modusdom.com or use our Services. It applies to all customers and visitors regardless of location and supplements (where applicable) the laws of your jurisdiction including the EU and UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other U.S. state privacy laws.

2. Who We Are (Data Controller)

NY Screens Media LLC (d/b/a Modusdom)
Brooklyn, New York, USA
Privacy contact: privacy@modusdom.com
General contact: hello@modusdom.com

For domain registration data, Tucows Domains Inc. (operating as OpenSRS) acts as a joint controller pursuant to its ICANN Registrar Accreditation Agreement.

3. Categories of Personal Data We Collect

We collect the following categories of personal information:

  • Identity data: first and last name, organization name (optional).
  • Contact data: email address, phone number, postal address.
  • Account & authentication data: hashed password (bcrypt cost 12), session identifiers, password reset tokens (short-lived), OAuth provider identifiers (Google/Microsoft/Apple subject IDs).
  • Billing data: billing address, last 4 digits of payment card, card brand, card expiry month/year, Stripe customer ID, invoice history. Card numbers, security codes, and full PANs are never stored on Modusdom servers; they are tokenized by Stripe.
  • Domain registration (registrant) data: name, organization, postal address, phone, and email for the domain registrant, administrative, technical, and billing contacts as required by ICANN.
  • Mailbox & DNS data: mailbox account name, password (managed by OpenSRS Hosted Email), DNS records (A, AAAA, CNAME, MX, TXT, etc.), forwarding configurations, mail content stored in the mailbox if you use our hosted email service.
  • Support data: messages you send through email or our contact form.
  • Technical / usage data: IP address, user-agent, request timestamps, page-view paths, and security/audit logs.

4. Sources of Personal Data

We collect personal data (a) directly from you when you create an account, register a domain, complete a purchase, or contact support; (b) automatically as you use our Services (technical logs, cookies); (c) from third-party authentication providers when you sign in via Google, Microsoft, or Apple; and (d) from sub-processors handling part of the Service (Stripe for billing data, Tucows/OpenSRS for registry status updates).

5. Purposes of Processing & Legal Basis (GDPR Article 6)

PurposeCategoriesLegal basis (GDPR Art 6)
Register, renew, and transfer your domainsIdentity, Contact, RegistrantPerformance of a contract (Art 6(1)(b)); legal obligation (ICANN policy)
Host your mailbox and DNSMailbox, DNS, IdentityPerformance of a contract
Bill you and process paymentsBilling, Identity, ContactPerformance of a contract; legal obligation (tax records)
Authenticate you to your accountAccount & AuthPerformance of a contract; legitimate interest in account security (Art 6(1)(f))
Provide customer supportSupport, Identity, ContactPerformance of a contract; legitimate interest in resolving issues
Detect fraud and abuseUsage, Billing, IdentityLegitimate interest in security and compliance (Art 6(1)(f))
Comply with ICANN WHOIS verification and registry policiesRegistrantLegal obligation (Art 6(1)(c)); contractual
Send transactional emails (verification, renewal reminders, receipts)Identity, ContactPerformance of a contract
Send marketing emails (only with opt-in)Identity, ContactConsent (Art 6(1)(a))

6. Sub-Processors & Sharing

We share personal data with the following sub-processors strictly to deliver the Services you requested. We do not sell personal data, do not exchange it for value, and do not share it for cross-context behavioral advertising.

Sub-processorPurposeLocationTransfer mechanism
Tucows Inc. (OpenSRS)Domain registration, DNS, hosted emailCanadaUK/EU adequacy (Canada commercial sector)
Stripe, Inc.Payment processing, fraud detectionUSA + globallyEU-U.S. Data Privacy Framework (DPF) + Standard Contractual Clauses (SCCs); PCI-DSS certified
Hostinger International Ltd.Web/database hosting (modusdom.com)Lithuania (EEA) + US edgeIntra-EEA processing; SCCs for non-EEA sub-processors
Google LLCOAuth sign-in (if used)USAEU-U.S. DPF + SCCs
Microsoft Corp.OAuth sign-in (if used)USA / EUEU-U.S. DPF + SCCs; EU Data Boundary
Apple Inc.Sign in with Apple (if used)USAEU-U.S. DPF + SCCs
OpenSRS Hosted Email (Tucows)Mailbox content storage and deliveryCanadaUK/EU adequacy

We may also share data with (a) law enforcement, courts, or government authorities when required by valid legal process, and (b) ICANN, registry operators, and Tucows/OpenSRS as required by registration agreements and consensus policies.

7. WHOIS & Registration Data Policy

ICANN's 2024 Registration Data Policy changed the rules for publicly published registration data. Public WHOIS no longer includes registrant contact data by default; only technical and administrative fields required by registries are made publicly available. We offer free privacy proxy on all TLDs that permit it.

Two TLDs do not permit registrant-data redaction by registry policy: .us (U.S. Department of Commerce policy) and .nyc (City of New York). Registrant data for these TLDs is included in registry-published WHOIS.

8. International Data Transfers

Modusdom is based in the United States. If you are located outside the U.S., your personal data may be transferred to, stored, and processed in the U.S. or other countries where our sub-processors operate. When we transfer personal data from the European Economic Area, Switzerland, or the United Kingdom to a country not subject to an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA), and/or the EU-U.S. Data Privacy Framework (where applicable), in each case with supplementary measures as required.

9. Data Retention

  • Account and billing records: while you are a customer, plus 7 years for tax and accounting records (IRS guidance).
  • Registrant data: while the domain is registered through us, plus the retention period required by ICANN and the registry operator, typically the life of the registration plus 2 years.
  • Mailbox content: until you delete it or close the mailbox; permanently deleted within 30 days of mailbox closure.
  • Authentication and security logs: 90 days for support diagnostics; up to 12 months for security and abuse investigations.
  • Marketing consent records: until you withdraw consent, then 3 years for evidentiary purposes.
  • Live-chat transcripts: 12 months from the date of the conversation.

10. Security Measures (GDPR Article 32)

We implement appropriate technical and organizational measures, including: TLS 1.3 in transit; bcrypt password hashing; HTTP-only, secure, SameSite cookies; CSRF protection on state-changing requests; CSP, HSTS, X-Frame-Options, Referrer-Policy headers; principle-of-least-privilege access; audit logging; regular dependency updates; and segregation of customer data. No system is impenetrable; we will notify you and the appropriate authority of any qualifying breach within statutory timelines.

11. Cookies & Tracking Technologies

We use cookies and similar technologies that are strictly necessary to operate the Service (sign-in session, cart, CSRF tokens). No optional / third-party tracking is loaded today — we do not run analytics, advertising pixels, or chat widgets.

EU and UK visitors are shown a cookie banner allowing you to accept, reject, or customize non-essential cookies before they are loaded. We honor the Global Privacy Control (GPC) signal. You can change your cookie choices any time via the "Cookie Settings" link in the footer. See our Cookie Policy for the full inventory.

12. Third-Party Authentication (OAuth)

If you sign in via Google, Microsoft, or Apple, we receive a subject identifier and your verified email address from the provider. We do not receive your password. The provider records the fact that you signed in to Modusdom according to its own privacy policy. You can disconnect any OAuth provider from your account profile.

13. Your Rights under the GDPR / UK GDPR

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights with respect to your personal data:

  • Right of access (Art 15)
  • Right to rectification (Art 16)
  • Right to erasure / "right to be forgotten" (Art 17) — subject to ICANN-mandated retention of registrant data while a domain is registered
  • Right to restrict processing (Art 18)
  • Right to data portability (Art 20)
  • Right to object (Art 21) — including the right to object to processing based on legitimate interest
  • Right to withdraw consent (Art 7(3)) — where processing is based on consent
  • Right not to be subject to a decision based solely on automated processing (Art 22)
  • Right to lodge a complaint with a supervisory authority (Art 77) — in the EU Member State of your habitual residence, place of work, or place of the alleged infringement; in the UK, with the Information Commissioner's Office (ico.org.uk)

To exercise any of these rights, email privacy@modusdom.com. We respond within 30 days (extendable by 60 days for complex requests per Art 12(3)).

14. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what categories of personal information we collect and the categories of sources, purposes, and recipients (disclosed throughout this Policy).
  • Access the specific pieces of personal information we have collected about you in the previous 12 months.
  • Correct inaccurate personal information.
  • Delete personal information we have collected (subject to ICANN retention obligations).
  • Opt out of the sale or sharing of personal information for cross-context behavioral advertising. We do not sell or share for cross-context behavioral advertising, but you may still submit a request: Do Not Sell or Share My Personal Information.
  • Limit the use of sensitive personal information to that necessary to perform the requested Service. We do not collect or use sensitive personal information for any purpose beyond what is necessary to deliver the Services.
  • Non-discrimination for exercising any of these rights.
  • To designate an authorized agent to submit requests on your behalf.

We honor the Global Privacy Control (GPC) signal as an opt-out preference signal under Cal. Code Regs. tit. 11, §7025.

15. Other U.S. State Rights

If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, Indiana, Tennessee, or another state with a comprehensive privacy law, you may have rights similar to those above (access, correction, deletion, portability, opt-out of targeted advertising and sale of personal data). Submit requests to privacy@modusdom.com.

16. Children's Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 (or under 16 in the EEA/UK without parental authorization). If we learn we have inadvertently collected such information, we will delete it. If you believe we may have collected information from a child, contact privacy@modusdom.com.

17. Automated Decision-Making & Profiling

We do not make decisions producing legal or similarly significant effects based solely on automated processing. We use Stripe's automated fraud-prevention tools as part of payment processing; you can request a human review of any decline by contacting support.

18. Marketing Communications

Transactional emails (verification, renewal reminders, receipts, security notices) are sent based on contract or legal obligation and cannot be unsubscribed individually. Marketing emails are sent only with your explicit opt-in and include an unsubscribe link in every message per the CAN-SPAM Act. You can manage email preferences in your account profile.

19. Changes to This Policy

We may update this Policy from time to time. For material changes, we will post the updated Policy with a new version number and effective date and email registered users at least 30 days before the changes take effect. Prior versions are archived and available on request.

20. Contact & Complaints

Privacy Inquiries: privacy@modusdom.com
Postal: NY Screens Media LLC, Brooklyn, New York, USA
UK ICO complaints: ico.org.uk/make-a-complaint
EU supervisory authorities: edpb.europa.eu

Version 1.0 · Effective June 2, 2026. Prior versions are available on request. Counsel review: 2026-05.