Effective March 31, 2023
Iframely distinguishes two types of users depending on how they access the Services and Sites.
Customers are people using the iframely.com website to access and manage their APIs. Users are our customers’ end-users, who may be exposed to the Service via iframe.ly domain or content delivery network (CDN) aliases.
Iframely does not collect any personally identifiable information about Users.
Iframely servers do not set any Internet cookies on the iframe.ly web domain and CDN aliases. Our web front fleet is configured not to pass any personally identifiable information to upstream application servers.
Enterprise Customers may bring their own content delivery network and privacy configuration to insulate their Users from the Iframely network further and use it via white-label alias.
Depending on the content delivery network configured for the Customer’s account, there may be a security cookie from Cloudflare or similar technical mechanisms from Customer’s provider.
To access their accounts at the iframely.com domain, customers must use their full name, e-mail address and password to sign up or log in to Services.
This personal data travels over the wire with strong SSL encryption.Passwords are stored only as slow hash values that allow comparison with entry strings but no reverse engineering of actual passwords. HTTP cookies are in use to establish Customers’ user-sessions, ans user-sessions only.
For billing purposes, Iframely will keep other anonymized information about Customers’ usage (“hits” recorded once per hour per URL).
Billing usage data isn’t associated with any personally identifiable information from Users and is available in itemized form only for up to one month. Afterwards, data is aggregated and archived.
Customers’ credit card information is safely stored with our PCI-compliant payment service provider (Stripe Inc.).
Input and submission of user’s credit card are made directly to Stripe, and Iframely is granted access only to the last four digits of the cards to use it as a reminder for the Customers.
Iframely gathers publicly available information about the URLs and also uses vendor developer APIs from select providers, such as YouTube API Services, Meta Graph API, oEmbed integrations and others. In addition, Iframely provides a mechanism for displaying rich media directly from the Third-Party publishers to Customer’s end-users.
Iframely provides tools that help Customers let their Users control such exposure.
As a law-abiding company, we expect media providers to honour the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.
Should a provider become non-compliant, Iframely reserves the right to remove related rich media from the Service.
Iframely takes commercially reasonable and de-facto industry-standard security measures to protect against unauthorized access to information that Customers share with us.
Iframely monitors for data breaches and will inform affected Customers within 72 hours of becoming aware of a security incident.
Upon closing an account, any Customer’s data is completely deleted from Iframely’s and any service providers’ servers, except those required for accounting purposes. Records no longer needed for accounting purposes will be destroyed per Canadian record-keeping guidelines.
Iframely only works with public URLs and Customers’ URL data is not considered private. It can be rebuilt upon request. URL data is kept for caching purposes for up to thirty days and is deleted when no longer used.
Except for the billing purposes described in section 6 of this policy, Customers’ data is not being processed and shared with internal and external parties.
When a Customer closes the account, any Iframely content linked to static IDs will continue working with Iframely’s default settings according to Iframely pricing commitments.