This Privacy Policy explains how Vianames LLC, d/b/a OrbitFour ("OrbitFour," "we," "us," or "our"), a Michigan limited liability company and an ICANN-accredited domain registrar (IANA ID: 3873), collects, uses, shares, and protects personal information when you use our website and services. We are committed to handling your information transparently and giving you control over it.
Our Privacy Promise
- We will safeguard the information you share with us using appropriate security measures.
- We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
- We share your information only as described in this Policy — for example, as needed to register and maintain your domain, to comply with ICANN requirements, or as required by law.
- You can opt out of marketing communications at any time.
1. Who We Are and How to Contact Us
For personal data we process about you, the data controller is Vianames LLC d/b/a OrbitFour. You can reach our privacy team at:
- Email: [email protected]
- Mail: Vianames LLC d/b/a OrbitFour, Attn: Privacy, 77 Monroe Center NW, STE 600, Grand Rapids, MI 49503, United States
2. Scope
This Policy applies to personal information we collect through our website, your account, and our domain registration and related services. It does not apply to third-party websites or services we link to, or to the content hosted at domains registered through us, which we do not control.
3. Personal Information We Collect
We collect the following categories of personal information:
- Account and identity data: name, email address, postal address, phone number, and login credentials.
- Domain registration data: the registrant, administrative, technical, and billing contact details associated with each domain, plus nameservers and domain status. This data is subject to the ICANN rules described in Section 6.
- Billing and payment data: billing contact details and transaction records. Card data is processed by our payment processor; we do not store full payment card numbers.
- Communications and support data: messages you send us, support tickets, and abuse reports.
- Technical and usage data: IP address, browser type and version, operating system, referring URL, pages requested, and timestamps, collected through server logs and cookies (see Section 8).
- Marketing preferences: your communication and consent settings.
4. How We Use Your Information
We use personal information to: create and administer your account; register, renew, transfer, and manage your domains; operate WHOIS/RDAP and other required registrar functions; process payments; provide customer support; send service and transactional messages (including ICANN-required expiration and WHOIS-accuracy reminders); detect, investigate, and prevent fraud, abuse, and security incidents; comply with our legal and contractual obligations, including the ICANN Registrar Accreditation Agreement (RAA); and, where permitted, send marketing communications you can opt out of.
5. Legal Bases for Processing (EEA/UK)
If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR / UK GDPR:
- Performance of a contract — to provide the services you request, including domain registration.
- Compliance with a legal obligation — including obligations under the RAA and ICANN policies, and applicable law.
- Legitimate interests — to secure and improve our services, prevent abuse, and run our business, where not overridden by your rights.
- Consent — for certain marketing and optional cookies, which you may withdraw at any time.
6. Domain Registration Data, WHOIS/RDAP, and the ICANN Registration Data Policy
When you register a domain, ICANN rules govern how the associated registration data is collected, escrowed, transferred to the registry, and published. The key points:
- Default redaction. Under ICANN's Registration Data Policy (which contracted parties were required to implement by 21 August 2025, carrying forward the prior Temporary Specification), most registrant contact information is redacted from the public WHOIS/RDAP output by default. Public records typically show the domain name, status, nameservers, key dates, and registrar information, but not your personal contact details.
- Optional privacy service. For additional protection — for example, for organizational registrants whose data is not redacted by default, or for extensions that still publish contact data — you may use our WHOIS Privacy Service, described in our WHOIS Privacy Service Terms.
- Transfers required for registration. We transmit registration data to the relevant registry operator, and deposit it with an ICANN-approved data escrow agent, as required by ICANN. ICANN and registry operators may process this data under their own policies.
- Requests for non-public data. Third parties with a legitimate interest (such as law enforcement or intellectual-property rights holders) may request access to non-public registration data, including through ICANN's Registration Data Request Service (RDRS). We disclose non-public data only where we have a lawful basis and the request meets applicable requirements.
- Accuracy obligations. You must keep your registration data accurate and update it within seven (7) days of any change, and respond to accuracy-verification requests within fifteen (15) days, as described in the Domain Registration Agreement. These obligations apply even when your data is redacted or you use the privacy service.
7. How We Share Your Information
We share personal information with:
- Registry operators for your domain's TLD, as required to register and maintain the domain.
- ICANN and its designated agents, including the data escrow provider, as required by the RAA and ICANN policies.
- Service providers and processors who perform services for us (such as hosting, analytics, email delivery, fraud prevention, and customer support) under contracts that require them to protect the data and use it only for our instructions.
- Payment processors to complete transactions.
- Law enforcement, government authorities, and other parties when required by valid legal process, to comply with law, to enforce our agreements, or to protect the rights, safety, and security of OrbitFour, our users, or the public. Where we receive a civil subpoena seeking your personal information, we will use reasonable efforts to notify you before disclosure, unless prohibited.
- A successor entity in connection with a merger, acquisition, or sale of assets, subject to this Policy.
We do not sell your personal information, and we do not share it for cross-context behavioral advertising or targeted advertising.
8. Cookies and Tracking Technologies
We use cookies and similar technologies that are strictly necessary to operate the site (such as session and security cookies) and first-party analytics to understand site usage in aggregate. Our analytics are first-party — we do not use third-party advertising cookies or share usage data with advertising networks. You can control cookies through your browser settings; disabling necessary cookies may impair site functionality. Where required by law, we obtain consent for non-essential cookies.
9. Data Retention
We retain personal information for as long as needed to provide the services and for the periods required by ICANN policy and applicable law. Registration data is generally retained for the life of the registration and for the additional period required by the RAA's data-retention requirements; account, billing, and tax records are retained as required by law; and support and marketing records are retained no longer than necessary for the purposes described here.
10. Data Security
We use administrative, technical, and physical safeguards designed to protect personal information against loss, misuse, and unauthorized access, and we require our service providers to do the same. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
11. International Data Transfers
We are based in the United States, and we and our service providers may process your information in the United States and other countries whose data-protection laws may differ from those in your jurisdiction. We do not direct our services to, or knowingly serve, customers in the European Economic Area or the United Kingdom. Where we nonetheless transfer personal data originating from the EEA or UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
12. Your Privacy Rights
12.1 EEA / UK (GDPR)
Subject to applicable law, you have the right to access, correct, delete, restrict, or object to our processing of your personal data; to data portability; to withdraw consent; and to lodge a complaint with your local data-protection supervisory authority.
12.2 California (CCPA/CPRA)
Subject to applicable law, California residents have the right to know what personal information we collect and how we use and disclose it; to access and delete personal information; to correct inaccurate personal information; to opt out of the "sale" or "sharing" of personal information; and to limit the use of sensitive personal information. We do not sell or share personal information as those terms are defined under California law. We will not discriminate against you for exercising your rights. You may use an authorized agent to submit a request.
12.3 How to Exercise Your Rights
To exercise any of these rights, contact us at [email protected] or at the postal address in Section 1. We will verify your request, may ask for information to confirm your identity, and will respond within the time required by applicable law. Note that we may be required to retain certain registration data, or withhold deletion, where necessary to comply with ICANN policy, applicable law, or an active fraud or abuse investigation.
13. Children's Privacy
Our services are not directed to children, and we do not knowingly collect personal information from children under 13 (or the minimum age in your jurisdiction). If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.
14. Marketing and Communications
We send transactional and service messages (such as expiration and accuracy reminders) that you cannot opt out of while you hold an active account or registration, because they are required to provide the service or under our RAA. You may opt out of marketing emails at any time using the unsubscribe link in those messages or by contacting us.
15. Third-Party Links
Our site may link to third-party websites and services. We are not responsible for their privacy practices, and we encourage you to review their policies.
16. Changes to This Policy
We may update this Policy from time to time. We will post the updated Policy with a new "Last Updated" date and, for material changes, provide additional notice. Your continued use of the services after changes take effect constitutes acceptance of the updated Policy.
17. Governing Law and Disputes
This Policy is governed by the laws of the State of Michigan, and any dispute relating to it is subject to the dispute-resolution, arbitration, and class-action-waiver provisions of our Domain Registration Agreement and Website Terms of Use, to the extent permitted by applicable law.
18. Related Policies
- Website Terms of Use
- Domain Registration Agreement
- WHOIS Privacy Service Terms
- Registrar Abuse Policy
- Registrant Rights and Benefits
Version: 2.0 Last Updated: June 18, 2026 Effective Date: January 1, 2026