Effective May 25, 2018
Iframely distinguishes two types of users depending on how they access the Services and Sites. Customers are people using the iframely.com website to access and manage their APIs. Users are our customers’ end-users, who may be exposed to the Service via iframe.ly domain or content delivery network aliases.
Iframely does not collect any personally identifiable information about Users.
Iframely servers do not set any Internet cookies on the iframe.ly web domain. Our web front fleet is configured not to pass any personally identifiable information to upstream application servers.
Enterprise Customers may bring their own content delivery network and privacy configuration to insulate their Users from the Iframely network further and use it via white-label alias.
Depending on the content delivery network configured for the Customer’s account, there may be a security cookie from Cloudflare or similar technical mechanisms from Customer’s provider.
To access their accounts at the iframely.com domain, customers must use their full name, e-mail address and password to sign up or log in to Services. This personal data travels over the wire with strong SSL encryption. Passwords are stored only as slow hash values that allow comparison with entry strings but no reverse engineering of actual passwords. HTTP cookies are in use to establish Customers’ user-sessions.
For billing purposes, Iframely will keep other anonymized information about Customers’ usage (“hits” recorded once per hour per URL). Billing usage data isn’t associated with any personally identifiable information from Users and is available in itemized form only for up to two months. Afterwards, data is aggregated and archived.
As a law-abiding company, we expect media providers to honour the EU General Data Protection Regulation (GDPR) and other applicable privacy laws. Should a provider become non-compliant, Iframely reserves the right to remove related rich media from the Service.
Iframely takes commercially reasonable and de-facto industry-standard security measures to protect against unauthorized access to information that Customers share with us. Iframely monitors for data breaches and will inform affected Customers within 72 hours of becoming aware of a security incident.
Upon closing an account, any Customer’s data is completely deleted from Iframely’s and any service providers’ servers, except those required for accounting purposes. Records no longer needed for accounting purposes will be destroyed per Canadian record-keeping guidelines.
As Iframely only works with public URLs, Customers’ URL data is not considered private. However, it is kept for caching purposes only and is deleted when no longer required. When a Customer closes the account, any Iframely content linked to static IDs will continue working with Iframely’s default settings according to Iframely pricing commitments.