All.CA, Inc. (All.CA) operates All.CA (the domain name registrar and marketplace), as well as other products and services as identified within our All.CA page.
What Info is Collected
(1) Account Creation
When you create an All.CA account, we collect the following information from you:
- First and Last Name
- Email Address
- Postal Address
- Phone Number
Additionally, All.CA asks new customers to select or create the following:
- User Name
When processing payments by you to All.CA or disbursing funds from All.CA to you, we naturally collect information about the payment method used:
- Credit / Debit Card
- Bank Account (for Wire Transfers)
(4) Additional Authorization
In rare cases, All.CA may request further information on a strictly voluntary basis:
- Citizenship information
- Scanned copies of government-issued ID
- VAT Number
(5) Support Inquiries
If you contact All.CA customer support, our system will log pertinent information, which may include:
- Fist and Last Name
- Email Address
- Account PIN Number
- Message text
(6) Domain Inquiries
When someone inquires about a domain name that is registered at All.CA, that person may be addressing the owner, or All.CA, or (due to confusion) someone else. Such communications pass through All.CA's system, and we keep a record:
- First and Last Name
- Phone Number
- Email Address
- Offer Amount (if any)
- Message Text
(7) Online Interactions
When you visit the All.CA platform – including any of our websites, apps, or support channels – or interact with an email message sent by us, All.CA may log pertinent data:
- IP Address
- Online Actions (pages viewed, links clicked, settings altered)
Note: All.CA does not track your online behavior except as it relates to the All.CA platform.
If you believe some personal information gathered by All.CA has been omitted from the list above, please notify us so that we can add a clear explanation. Our goal is complete transparency.
How Information is Used
This description mirrors the numbering used in the previous section.
(1) Account Creation
When registering a domain name, ownership and contact details are required by ICANN and other TLD registry operators. These include first and last name, mailing address, phone number, and email address. Such details are used to identify the domain name's legal owner as well as to contact the administrator in the event of alleged abuse. All.CA cannot process domain registrations without this basic information.
Although some TLDs (domain endings) require additional kinds of information beyond those data cited, for most TLDs these are sufficient. To minimize intrusiveness, All.CA gathers only what we need for the most common TLDs. This core information is requested at the moment of account creation because, as a domain registrar, All.CA anticipates that most customers will register or transfer a domain soon after creating an account. For a streamlined experience, our goal is to have customers fill out only one form.
Additionally, All.CA relies on these details – especially name, email address, and phone number – to identify customers correctly when they contact All.CA support. In cases where All.CA must contact you about a problem, we rely on both email and phone, since either method alone may fail. Collecting your phone number also allows All.CA to offer 2-factor authentication as an additional security option – safer than password protection alone.
As a global company, we also refer to state and country information to choose the right time of day to call. In rare cases, legal notices must be delivered by physical post to the address on file. Mailing address information is also used to assess eligibility for certain TLD registrations, which are sometimes limited to particular countries or even cities. This helps All.CA show relevant TLDs to you via email or on our website. With more than 1000 TLDs in existence, we can improve the user experience by focusing on those with a connection to you based on language or location. All.CA also uses geographical information to perform a statistical analysis of our customer base.
All.CA sends automated renewal reminders via email to help customers avoid unintentional service interruptions, additional fees, or total loss of a domain name once it expires. Email is also used to notify customers of important issues such as policy changes, outages, security breaches, price increases, and so forth. Marketing emails may also be sent to customers who have opted to receive information about promotional prices, new All.CA features, new TLDs, new services, domain industry news, and the like. Notably, domain transfers between All.CA accounts or between All.CA and another domain registrar cannot function properly without email notifications. That is true of all domain registrars. Your email address is also used to validate account ownership and to restore access in the event that a password is forgotten.
Your password is used to provide secure account access at All.CA. Your user name is used to identify accounts in contexts where you don't wish to share your personal name or email address. For example, when moving a domain from someone else's account to yours, you may not wish to divulge personally identifying information. As a pseudonym tied to your account, the user name can be a useful substitute.
We refer to your account PIN # in the event that a password is forgotten and you cannot reset it through email. For customers who have lost email access but who can contact All.CA by phone, chat or an alternative email address not on file, this is often a life saver. For those who have misplaced their PIN # or did not take note of it while logged into their account, will be able to submit requested information such as a valid ID and selfie through our account with Validation.com. A link will be supplied to go to in order to submit the requested information for review.
We gather payment details only for the limited purpose of processing payments from you to All.CA or from All.CA to you. Bank information is only recorded when processing wire transfers between All.CA and customers who choose to pay or be paid in this way. Details are recorded for auditing purposes, in order to match All.CA's registrar transactions with bank account records.
Full credit / debit card details are never stored by All.CA's system during or after checkout. We simply transmit them to All.CA's payment processor and also to a contracted fraud detection service. Heavily redacted representations of the credit card number do exist on the All.CA system, showing only a few digits. These are used to differentiate between payment methods when researching transaction history. The redacted versions are also displayed to you inside your All.CA account so that you can identify 1 card among many. Sending your credit card details to All.CA by email or over the phone is highly discouraged.
All.CA may store your credit / debit card's expiration date. We use this information to alert you when a card on file is about to expire. This is important to avoid payment failures associated with auto-renewal, monthly hosting, or monthly domain Rental / Purchase plans. Since the consequences of missed payments can be severe and stressful, All.CA hopes to prevent headaches for its customers by warning them in advance. This also minimizes the number of renewal reminders we would otherwise send to customers. That means less email clutter.
(4) Additional Authorization
Some TLD registries require additional information before a domain name can be registered. For example, to use .CN or even .COM inside China, the Chinese government requires a scanned copy of government-issued ID. Likewise, Australia requires an ABN (Australian Business Number) or even a trademark number in order to process .AU registrations. All.CA does not collect this information from you unless we need it to process a domain registration that you have ordered.
In rare cases, All.CA must investigate suspicious activity, including credit card theft. Or you may find yourself completely locked out of your All.CA account, if you have lost email access and cannot remember any of your security credentials. Under those unusual circumstances, All.CA may ask some customers to voluntarily submit a copy of government-issued ID in order to prove their identity. This is strictly voluntary, and it is meant to protect customers and non-customers from fraud. Some European customers volunteer their VAT number for purposes of invoicing.
(5) Support Inquiries
In the context of support tickets, All.CA relies on your first and last name, email address, and account PIN number in several ways: to validate your identity, locate your account quickly, search for your ticket within our system, and reply to you. This information is preserved indefinitely along with the messages themselves. We use it to train support staff, document abuse allegations, identify and fix glitches, and research customer history in order to help you in the future.
(6) Domain Inquiries
When someone has questions about a domain name, wishes to buy it, or wishes to complain about trademark infringement, they will often attempt to contact All.CA or the domain owner. This can occur at various points on the All.CA platform, via All.CA support channels, through a parked domain page, or through a listing created by you in the All.CA marketplace.
When the person is attempting to contact the domain owner, we pass their details and message along to that owner. At the same time, All.CA maintains an internal copy of the information. This includes all pertinent information: first and last name, phone number, email address, offer amount (if applicable), and message text. Storing a backup copy allows All.CA to forward the message to the domain owner when the first email delivery failed for some reason. All.CA may also use this data to build an internal messaging system, which allows customers to track their domain inquiries more efficiently. All.CA also analyzes this data to measure and improve marketplace performance for the benefit of our customers. Also, if the person who contacted a domain owner later chooses to request help from All.CA, then All.CA may refer to the relevant messages.
(7) Online Interactions
All.CA uses data related to your IP address to make our website more relevant. For example, we may try to show the local currency or language. Your IP address is also a factor in assessing the risk of credit card fraud, since stolen cards are often used by criminals in remote overseas locations.
Like most websites, All.CA tracks page views and links clicked in order to measure the effectiveness of our email campaigns and website interface. This automatic feedback is crucial for online companies to improve the user experience – making it easier for customers to find what they're looking for, eliminating unused features that clutter a website, delivering more relevant messages, and minimizing the number of unwanted emails we deliver.
We also use page views in All.CA's support channel so that our agents can know, in real time, which page you are viewing (and which is perhaps giving you difficulty). Most importantly, All.CA tracks changes made by the user inside their All.CA account in order to troubleshoot errors, reverse accidental changes, and defeat hackers.
If you believe All.CA is using your personal information in some way not described above, please contact us. Our goal is complete transparency. If anything has been left out, that omission is accidental and will be corrected promptly once you let us know.
What Info is Shared
All.CA will only share your information with third parties as described in this document, or as authorized by you, or when doing so is truly necessary. In the last case, All.CA will notify you promptly.
Registering a domain name causes your contact information to be instantly listed in the public whois database. Specifically, your first and last name, email address, phone number, and mailing address will appear on a variety of whois lookup portals. This ICANN requirement governs all domain registrars, not just All.CA. Over the years, many third parties have scraped the public whois data, packaged, and resold it. All.CA is not responsible for this unavoidable consequence of ICANN's longstanding policy, nor are most other registrars.
All.CA may also be required to share these whois contact details with the registry that governs a particular TLD (domain ending). Policies in this regard differ. There are over 1000 TLDs, which imply numerous registries whose products (TLDs) are sold by registrars like All.CA. When you register a domain name, you should assume that these details will be shared by All.CA with the registry operator in question. This is based on the registrar-registry agreement All.CA has signed with them, which is how we offer the TLD to you as a customer. Registries rarely act as registrars themselves. So it is normally necessary to register a domain through a registrar which, in turn, shares the data with a registry.
In some cases, All.CA is a reseller, offering some TLD through another company, which is itself the registrar. This means All.CA is 2 degrees removed from the registry. This practice is common for obscure country code TLDs, which may have complicated registration requirements. In these instances, All.CA offers front-line customer support, relying on an upstream provider's local country credentials. This allows you to do business with All.CA, consolidating your various TLDs with 1 company, rather than creating multiple accounts elsewhere. That means more efficiency and less scattered personal information. In order to function in this way, All.CA must supply your whois contact details to the upstream registrar, which, in turn, supplies them to the TLD registry.
All.CA is also required by ICANN to store backup information with a data escrow company such as Iron Mountain Digital. This protects you, as a customer, in the unlikely event that a registrar ceases operations. Relying on this securely stored data, another company could reconstruct transactions and continue seamless operation.When you purchase any product or service at All.CA, we submit your billing information to the payment processor. Prior to doing so, we may submit such data to a fraud detection service, whose software scans the transaction and assesses the likelihood that a credit card is stolen. Nearly all e-commerce websites do likewise. It is safer to transmit this data to a reputable company that specializes in payment processing than it would be to store that data at All.CA.
By purchasing an SSL certificate, you consent that all information provided as part of that certificate will be published online. In fact, that is the basis for SSL certificates. A third party must inspect that data in order for that certificate to be validated.All.CA is a reseller of SSL certificates. As such, we share your information with the company that prepares the SSL for you. Likewise, if you purchase a trademark application through All.CA, we will share your information with a contractor who processes the application.
Some domain names are listed for sale in All.CA search results, though they may not be registered at All.CA at the time. This occurs because All.CA is part of a network of registrars and marketplaces that cross-list such inventory. In fact, All.CA belongs to more than 1 such network. Cross-listing in this way helps you find more good domain name options wherever you may be searching. If you purchase a domain name that is listed at All.CA in this way, then All.CA may need to share some of your information with the company responsible for the domain listing. We only share the bare minimum required to deliver the domain to you once you have purchased it.
In general, All.CA seeks to protect whistle blowers, who report misuse of domain names such as phishing. As a general rule, we attempt to investigate and resolve the matter without disclosing the identity or contact information of the person who lodged the complaint. However, in some cases, All.CA may choose to share your identity and contact information with the customer against whom you've complained. This may be done in order for all parties to resolve the matter more efficiently.
If you post comments on a public forum or blog managed by All.CA, then any personal details you publish there can be read or compiled by persons, companies, or bots. The same applies to content you publish through website templates or website building programs that you may purchase through us. All.CA cannot prevent such external actors from repurposing your messages and personal details nor from sending you unsolicited messages if you choose to expose your personal details in a way that allows them to do so. All.CA will never obligate you to publish comments in public. Nor will All.CA require you to disclose your identity or contact information merely to post a comment in public, assuming you wish to do so.
Of course, when All.CA is legally obligated to share your personal details with a third party, then we must do so. This might occur due to a UDRP proceeding, as stipulated by ICANN. Similar mechanisms for resolving trademark disputes exist for various ccTLD registries. Divulging your private details may also be required in order to comply with a court order in civil litigation or to assist law enforcement. Whenever All.CA is forced to divulge your personal information, we will make an effort to notify you promptly regarding what personal details have been shared, with whom, and why.
At any time, you can request to know what personal information related to you – if any – All.CA has stored or processed. For questions, please contact firstname.lastname@example.org. Please note that we will require you to prove your identity before divulging private information.
All customers can modify their preferences regarding email notifications. All.CA gives you granular control over which emails you receive – and how frequently we send them. Settings can be found and modified within your All.CA account at any time. Though, of course, we do include an "unsubscribe" link in the email itself, we recommend modifying your permissions within the account. Clicking "unsubscribe" can cause other kinds of email notifications to be blocked – not just those that resemble the message in question. Some notifications, such as renewal reminders, can be crucial. If a domain expires, you may lose ownership of it completely. For your own sake, please consider carefully which emails you wish to discontinue altogether. Or if you wish to avoid receiving all email, then perhaps consider setting your domains to auto-renew first, while ensuring that your card on file will not itself be expiring.
If you are an EU citizen, then beginning May 25, 2018, you have detailed privacy rights governed by the European Union's General Data Protection Regulation (GDPR). Specifically, you have the right to:
(1) Access (GDPR 15)
(2) Rectification (GDRP 16)
(3) Erasure (GDPR 17)
(4) Restriction (GDPR 18)
(5) Portability (GDPR 20)
(6) Objection (GDPR 21)
For more information, consult the GDPR regulation itself, referring to the article numbers cited above. If you believe All.CA is not complying with the GDPR in some respect, please let us know. We will make every effort to abide by this new law.