Privacy Policy

Effective May 25, 2018

This Privacy Policy discloses what information we collect from users and how it is used.

Iframely distinguishes two types of users depending on how they access the Services and Sites. Customers are people using and websites to access and manage their APIs. Users are the end-users of our customers, who are exposed to the Service via domain or content delivery network aliases.

  1. Iframely does not collect any personally identifiable information about Users on domain. Iframely servers do not set any Internet cookies on domain.

  2. However, there may be a security cookie from CloudFlare, if the current configuration is using it as the content delivery network. Also, we may use Google Analytics product for realtime uptime monitoring purposes. Such uptime monitoring data is anonymous, is done on a subset of Users with desktop Google Chrome browser (so no mix of vendors) and is kept with Google for the shortest possible period of time.

  3. Customers who access their accounts at domain are required to use their full name, e-mail address and password to sign up or log in to Services. This personal data is transmitted over the wire with a strong SSL encryption. Passwords are stored only as the hash values that allow comparison with entry strings but no reverse engineering of actual passwords. HTTP cookies are used to establish Customers' user-sessions.

  4. Iframely will keep other anonymized non-personal information about Customer's usage that is required for billing purposes ("hits" that are recorded once per hour per URL). It isn't associated with any personally identifiable information from Users and is kept in detailed form only for up to two months, after which, it is aggregated and archived.

  5. Customers' credit card information is safely stored with our PCI-compliant payment service provider (Stripe Inc.). Input and submission of user's credit card are done directly to Stripe and Iframely is granted access only to the last 4 digits of the cards to use it as a reminder for the Customers. Please, see Stripe's own privacy policy with this regard.

  6. As per Terms of Use, Iframely is only a technical intermediary for Third Party media. As such, we cannot control or acknowledge privacy policy of each or any of the media providers.

  7. We expect any and all media providers to honor EU General Data Protection Regulation (GDPR). Should a provider become non-compliant, Iframely reserves the right to remove related rich media from the Service.

  8. Iframely takes commercially reasonable and industry de facto standard security measures to protect against unauthorized access to that information Customers share with us and that we store. Iframely monitors for data breaches and will inform affected Customers within 72 hours of first becoming aware of a security incident.

  9. Upon cancellation of an account, any Customer's personal data is completely deleted from Iframely's and any service providers' servers, except those required for accounting purposes. Records no longer required for accounting purposes will be destroyed as Canadian record keeping guidelines.

  10. Customers' URL data, though not considered private as Iframely only works with public URLs, is kept for caching purposes only and is deleted when no longer required. When Customer closes the account, any Iframely iFrames that were linked to static short URLs will continue working with Iframely default settings according to Iframely pricing commitments.