Privacy Policy
Last reviewed: October 30, 2025
1. Introduction
This Privacy Policy explains what information Iframely collects, how it is used, and how it is protected.
Iframely distinguishes two types of users depending on how they access our Services and Sites:
Customers are people using the iframely.com website to access and manage their APIs.
Users are our Customers’ end-users who may be exposed to the Service via the iframe.ly domain or content delivery network (CDN) aliases.
Iframely is committed to protecting privacy and handling personal data responsibly, in compliance with industry rules, regulations and security frameworks. We built Iframely to make the web more connected and more safe — not to collect personal information.
2. Information we do NOT collect
Iframely does not collect any personally identifiable information about Users (our Customers’ end-users). Our firewall and web servers on the iframe.ly web domain and CDN aliases:
Do not set any Internet cookies.
Are configured not to pass any personally identifiable information to upstream application servers.
Enterprise Customers may bring their own CDN to further insulate their Users from the Iframely network and use the Service via a white-label alias.
Depending on the Iframely CDN configured for a Customer’s account, there may be a technical security cookie from Cloudflare or a similar mechanism.
3. Information we collect from Customers
To access their accounts at the iframely.com domain, Customers must provide their full name, email address, and password to sign up or log in to the Services.
This personal data travels securely over strong encryption protocols such as TLS and is encrypted at rest. Passwords are stored only as slow hash values, which allow comparison with entry strings but cannot be reverse-engineered.
HTTP cookies are used solely to maintain active Customer sessions.
For billing purposes, Iframely also keeps anonymized information about Customers’ usage (“hits” recorded once per hour per URL).
Billing usage data is not associated with any personally identifiable information from Users and remains available in itemized form for up to one month before being aggregated and archived.
Customers’ credit card information is safely stored with our PCI-compliant payment service provider, Stripe Inc. Credit card input and submission occur directly through Stripe, and Iframely only has access to the last four digits of the card as a reminder for the Customer. Please refer to Stripe’s Privacy Policy for more information.
4. Data Use and Processing
Iframely acts as:
Data Controller for Customer account information (login, billing, contact).
Data Processor for content retrieval, display, and caching of public URLs on behalf of Customers.
We process Customer data only for the purposes of:
Providing and maintaining the Services;
Enabling authentication and billing; and
Ensuring technical functionality and security.
We rely on the lawful basis of contract performance for processing necessary to deliver the Services and legitimate interest for ensuring security and preventing abuse.
5. Third-Party Media and APIs
As per the Terms of Use, Iframely is a technical intermediary for Third-Party media.
Iframely gathers publicly available information about URLs and uses developer APIs from select providers such as YouTube API Services, Meta Graph API, oEmbed integrations, and others. Iframely also provides mechanisms for displaying rich media directly from Third-Party publishers to Customers’ end-users.
Because of this, Iframely’s Privacy Policy encompasses the relevant privacy policies of any media providers a Customer chooses to use, including but not limited to Google’s privacy policy and the policies of Twitter, and Meta.
Iframely provides tools that help Customers let their Users control such exposure.
We expect all media providers to comply with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws. Should a provider become non-compliant, Iframely reserves the right to remove related rich media from the Service.
6. Data Retention and Deletion
Iframely takes commercially reasonable and industry-recognized security measures to protect against unauthorized access to information shared with us.
We monitor for data breaches and introduced other security controls in compliance with privacy and security regulations and frameworks. We will inform affected Customers within 72 hours of becoming aware of a security incident.
Upon closing an account, all Customer data is deleted from Iframely’s and our service providers’ servers, where and when retention is required by applicable tax laws.
Customers may request data deletion at any time by sending an email to support@iframely.com from their account email address.
7. URL Data
Iframely only works with public URLs, and Customers’ URL data is not considered private. This data can be rebuilt upon request if it is still available at the origin. URL data is cached by Iframely for up to thirty days and deleted when no longer used.
Except for billing purposes described in Section 3, Customers’ data is not shared with internal or external parties.
When a Customer closes an account, any Iframely content linked to static IDs will continue working with Iframely’s default settings, according to the applicable pricing commitments.
8. Customer Rights
Customers have the right to:
Using site, access the personal data we hold about them;
Request correction or deletion of their personal data;
Withdraw consent (where applicable); and
Lodge a complaint with a supervisory authority.
Requests can be made by contacting support@iframely.com
9. Children’s Privacy
Iframely’s Services are not directed to individuals under the age of 16. We do not knowingly collect any personal data from minors.
10. Contact Information
Company: Itteco Software Corp.
Address: 506 Queen Elizabeth Drwy, Ottawa, Ontario, Canada
Email: support@iframely.com
Jurisdiction: this Privacy Policy is governed by the laws of Canada and the Province of Ontario.
11. Changes to this policy
We may update this Privacy Policy from time to time and will revise it at least annually to verify our privacy commitments are up-to-date. Any significant changes will be communicated through our website or via email before they take effect.