Effective May 25, 2018
Iframely distinguishes two types of users depending on how they access the Services and Sites. Customers are people using iframely.com and klip.to websites to access and manage their APIs. Users are the end-users of our customers, who are exposed to the Service via iframe.ly domain or content delivery network aliases.
Iframely does not collect any personally identifiable information about Users on iframe.ly domain. Iframely servers do not set any Internet cookies on iframe.ly domain.
However, there may be a security cookie from CloudFlare, if the current configuration is using it as the content delivery network. Also, we may use Google Analytics product for realtime uptime monitoring purposes. Such uptime monitoring data is anonymous, is done on a subset of Users with desktop Google Chrome browser (so no mix of vendors) and is kept with Google for the shortest possible period of time.
Customers who access their accounts at iframely.com domain are required to use their full name, e-mail address and password to sign up or log in to Services. This personal data is transmitted over the wire with a strong SSL encryption. Passwords are stored only as the hash values that allow comparison with entry strings but no reverse engineering of actual passwords. HTTP cookies are used to establish Customers' user-sessions.
Iframely will keep other anonymized non-personal information about Customer's usage that is required for billing purposes ("hits" that are recorded once per hour per URL). It isn't associated with any personally identifiable information from Users and is kept in detailed form only for up to two months, after which, it is aggregated and archived.
We expect any and all media providers to honor EU General Data Protection Regulation (GDPR). Should a provider become non-compliant, Iframely reserves the right to remove related rich media from the Service.
Iframely takes commercially reasonable and industry defacto-standard security measures to protect against unauthorized access to that information Customers share with us and that we store. Iframely monitors for data breaches and will inform affected Customers within 72 hours of first becoming aware of a security incident.
Upon cancellation of an account, any Customer's personal data is completely deleted from Iframely's and any service providers' servers, except those required for accounting purposes. Records no longer required for accounting purposes will be destroyed as Canadian record keeping guidelines.
Customers' URL data, though not considered private as Iframely only works with public URLs, is kept for caching purposes only and is deleted when no longer required. When Customer closes the account, any Iframely iFrames that were linked to static short URLs will continue working with Iframely default settings according to Iframely pricing commitments.