Privacy Policy
How AIvikings collects, uses, shares, secures, and retains personal data.
This Privacy Policy explains how AIvikings collects and uses personal data when you use our services. AIvikings is the data controller. Contact us at hello@aivikings.ai. We have not appointed a Data Protection Officer; privacy queries go to the same address.
1. Data we collect
Account data: your name, email address, and account credentials.
Registrant data: the contact details required to register a domain, which may include registrant name, email address, postal address, and phone number. Where you register on behalf of someone else, you are responsible for that person's data.
Billing data: information needed to take payment, processed by our payment providers. We do not store full card numbers.
Technical and usage data: API and MCP request logs, IP addresses, timestamps, and similar records needed to operate and secure the services.
Ambassador Program and referral data: if you participate in our Ambassador Program or sign up through a referral link, we process your referral link or code, and the link between an ambassador and the users they refer (the referrer-to-referred relationship). We also process signup and activation events for referred users, such as account creation, completion of a first free domain registration, and completion of a first paid .icu registration, shown in aggregate counts in the ambassador dashboard. Before any reward is issued to an ambassador, we may process identity verification information. We also process reward status and, once billing is live, qualifying paid registration and funding events used to determine and calculate Registration Credit rewards. We use this data to operate the Program, attribute referrals, verify ambassador identity, calculate and issue Registration Credit rewards, and detect and prevent fraud and abuse.
2. Why we use it and our legal basis
We use account, registrant, and billing data to provide the services and register domains (performance of a contract). We use technical data and logs to secure and improve the services and to prevent abuse (legitimate interests). We process and disclose registrant data where required by ICANN policy, registry rules, NIS-2, or other law (legal obligation). We send service messages such as renewal reminders on the basis of contract or legitimate interests.
We process Ambassador Program data on the basis of performance of a contract (the Ambassador Program Terms) for participants, and our legitimate interests in fraud prevention and program integrity. Where a referred user signs up through a referral link, we process the referral attribution on the basis of our legitimate interests, subject to a documented balancing test.
3. Domain registration data and public directories
To register a domain, registrant data must be passed to our upstream accredited registrar partner and to the relevant registry, and some data may appear in public directories (WHOIS / RDAP), usually in redacted form following data-protection rules. Disclosure of non-public registration data to authorities and to legitimate third parties is handled under our published NIS-2 disclosure procedure and third-party data request procedure.
For the top-level domains we offer, registrant contact data is redacted by default in public WHOIS and RDAP output in line with GDPR and registry policy. This default redaction is separate from the optional WHOIS Privacy Service Agreement, which applies only when you enable that service for an eligible domain.
4. Sharing and processors
We share data with service providers who process it on our behalf, including our upstream accredited registrar partner, the relevant domain registries, our payment providers (Stripe and Nicky), and our hosting provider. We share data with authorities and third parties where legally required. Our processors are listed in the Data Processing Agreement.
When billing launches, our payment processor acts as a processor for funding events that determine reward qualification. Until then, no payment-related sharing occurs for Ambassador Program reward qualification.
5. International transfers
Personal data is stored within the EU where reasonably possible. Where a processor or sub-processor involves a transfer outside the EU/EEA, we rely on an appropriate safeguard, such as an adequacy decision, Standard Contractual Clauses, or another lawful transfer mechanism under Chapter V GDPR. The main transfer positions are described in the Data Processing Agreement.
6. Retention
We keep registrant data for as long as the domain is registered through us and for any period afterwards required by ICANN policy or law. We keep account and billing records for as long as needed for the relationship and for legal, tax, and accounting obligations. Logs are kept for a limited period needed for security and operations.
We retain Ambassador Program data, including the referrer-to-referred relationship and reward records, for as long as needed to operate the Program, calculate and issue rewards, meet legal and accounting obligations, and resolve disputes.
7. Ambassador dashboard, referrals, and cookies
Ambassadors can see aggregate counts about users they refer, such as the number of referred users who have signed up and the number who have completed a first registration. Ambassadors do not see referred users' personal identifying details through the dashboard.
If you arrive through a referral link, we may store your referral code using a cookie or similar technology so we can attribute your signup to the referring ambassador. See our Cookie Policy for details and choices.
8. Your rights
Subject to law, you have the right to access, correct, delete, restrict, or object to the processing of your personal data, and to data portability. To exercise these rights, contact hello@aivikings.ai. You may also complain to the Irish Data Protection Commission, or your local supervisory authority.
9. Security
We use technical and organisational measures appropriate to the risk, including encryption in transit, access controls, and logging. No system is perfectly secure, but we work to protect your data and to meet our obligations under NIS-2 and the GDPR.
10. Changes
We may update this policy and will post the updated version with a new "last updated" date.