PRIVACY POLICY

Last Updated: 03 October 2025

This Privacy Policy explains how Cloudme Digital Co. W.L.L. (“Cloudme”, “we”, “us”, or “our”), operating the GoDomains brand, collects, uses, discloses, and safeguards personal information when you:

  • visit our websites including https://godomains.bh and https://cloudme.bh (and any subdomains) that link to this Policy (the Sites);

  • use our domain registration, DNS, WHOIS/Privacy/Proxy, hosting, email, and related products and services (the Services);

  • engage with us in sales, marketing, or events; or

  • contact our support channels.

If you do not agree with this Policy, please do not use the Sites or Services. You can contact us at legal@godomains.bh with any questions.

1) Who We Are & How to Contact Us

Controller: Cloudme Digital Co. W.L.L. (CR 34715‑1), Office 24, Building 624, Road 2808, Block 428, Seef 428, Kingdom of Bahrain.
Email: legal@godomains.bh
Phone: +973 1743 0909

Depending on the Service (e.g., a specific TLD), we may act as a processor for a domain registry/ICANN‑mandated function while also being a controller for our own commercial activities (billing, marketing, account management).

2) Scope & Relationship to Other Terms

This Policy forms part of our Terms of Service, Domain Registration Agreements, and any TLD‑specific policies that may apply (including registry rules and ICANN policies). Where a registry, ICANN, or law imposes stricter requirements, those prevail.

3) Information We Collect

a) Information you provide directly

  • Identification & contact data (name, username, address, email, phone).

  • Account credentials and preferences.

  • Billing & invoicing data (billing name, address, VAT or CR, tax IDs).

  • Verification documents (e.g., government ID; commercial registration; trademark/IP certificates) where a TLD/Service requires eligibility proof.

  • Support content (tickets, calls/chats, attachments) and survey responses.

b) Payment information

We collect only the data necessary to initiate and reconcile payments (e.g., method, masked PAN digits, authorization references). We do not store full card numbers or CVV. Card and wallet payments are processed by our payment provider Tap Payments. Their privacy notice is available at https://tap.company.

c) Information collected automatically

When you access the Sites/Services we collect, via cookies and similar technologies:

  • Device/usage data (IP address, browser/device type and settings, OS, language, timestamps, pages viewed, referring/exit pages, features used, error/crash data).

  • Approximate location (derived from IP). You can restrict location sharing via your device/browser settings.

See our Cookie Notice at https://godomains.bh/cookie-policy for details and choices.

d) Domain Search Data

When you use our domain name search tools (including bulk search, availability checkers, or WHOIS lookups), we collect:

  • the search terms you enter,

  • your IP address, and

  • the date and time of the search.

We use this data to deliver results, improve our Services, understand domain market trends, and (where lawful and subject to your marketing preferences) provide recommendations or targeted marketing. We may aggregate or anonymise this data for research and statistical purposes.

e) AI Domain Generator Data

When you use our Aidea AI Domain Name Generator, we collect:

  • the text prompts you enter,

  • your IP address, and

  • the date and time of the request.

We use this data to deliver the requested AI‑generated domain suggestions, improve and train our AI models, analyse usage trends, and (where lawful and subject to your preferences) support marketing activities. We may aggregate or anonymise prompt data for research and development. We do not use AI inputs in a way that publicly identifies you unless you explicitly choose to share them.

f) Information from third parties

  • Registries/ICANN service providers (e.g., data returned from EPP provisioning, verification, escrow services) about your domain objects and status codes.

  • Security/anti‑abuse vendors (e.g., fraud scores, threat intelligence, blocklists) when necessary to protect our Services and the DNS.

  • Marketing/analytics platforms (subject to your consent or legitimate interests and cookie settings), e.g., Google Analytics, Google Ads, Meta, LinkedIn Insight Tag.

We do not purchase consumer data from data brokers.

g) Domain WHOIS/Directory data

For some TLDs, registries or ICANN policies require publication or disclosure of registrant data via WHOIS or RDAP. Where permitted, we offer WHOIS Privacy/Proxy to redact or substitute public data; however, legal or policy obligations may still require disclosure to competent authorities, registries, or rights‑holders under lawful process.

4) How We Use Personal Information

We process personal information for the following purposes and legal bases:

  • Provide the Services (contract): create/manage accounts; register/renew/transfer domains; configure DNS/DNSSEC; provision hosting/email; process payments; deliver support.

  • Eligibility & compliance checks (legal obligation/contract/legitimate interests): validate identity/eligibility where required by a registry or law; maintain audit trails and logs; meet ICANN/registry data retention and escrow requirements.

  • Domain search & AI generator analytics (consent/legitimate interests): analyse search queries, prompts, IP addresses, and timestamps to understand demand, improve our search and AI tools, inform marketing campaigns, and provide recommendations.

  • Security & abuse prevention (legitimate interests/legal obligation): monitor, prevent, and investigate spam, phishing, malware, DDoS, fraud, and violations of our AUP; enforce terms; protect the integrity of the DNS.

  • Service communications (contract/legitimate interests): transactional messages (renewal notices, transfer FOAs, verification, maintenance updates).

  • Marketing (consent/legitimate interests): send offers/newsletters; run campaigns and measure effectiveness. You can opt out anytime.

  • Analytics & improvements (legitimate interests): usage analysis to improve performance, UX, and features.

  • Legal (legal obligation/legitimate interests): respond to lawful requests; defend legal claims; comply with tax/accounting rules.

  • Vital interests: act to prevent harm when necessary.

5) Sharing & Disclosures

We may share personal information with:

  • Registries & ICANN‑mandated providers: To register, transfer, renew, escrow, or manage domains, including publication/disclosure required by TLD policies.

  • Technical providers: hosting, email delivery, DNS/DNSSEC, DDoS/WAF/CDN, monitoring, ticketing, CRM, analytics, and customer support platforms.

  • Payment processors & financial institutions: to process transactions, fraud screening, chargebacks, and refunds.

  • Professional advisers: auditors, legal counsel, and insurers under confidentiality.

  • Affiliates & resellers: when you purchase through or are referred by them.

  • Business transfers: M&A, financing, or sale of assets (subject to safeguards).

  • Authorities/rights‑holders: when we are legally required or permitted to do so (e.g., court orders, subpoenas, valid disclosure requests under applicable policies).

We do not sell personal information.

6) International Transfers

We operate in and use providers located in multiple countries. Where required, we implement appropriate safeguards for cross‑border transfers (e.g., Standard Contractual Clauses, adequacy decisions, or equivalent mechanisms) and limit access to what is necessary.

7) Retention

We retain personal information only as long as necessary for the purposes above, including to comply with:

  • ICANN/registry retention and escrow obligations for domain data;

  • statutory limitation periods and tax/accounting requirements; and

  • security, fraud prevention, and dispute resolution needs.

When no longer needed, we delete or irreversibly anonymise data. Certain backups may persist for a limited time and are isolated from routine access.

8) Security

We apply administrative, technical, and physical safeguards appropriate to the risk, such as encryption in transit, access controls, logging, network segmentation, and regular reviews. No system is 100% secure; transmission is at your own risk. If you believe your account has been compromised, contact abuse@godomains.bh immediately.

9) Your Choices & Rights

Depending on your location (e.g., Bahrain PDPLEEA/UK GDPRCalifornia CCPA/CPRA, and other local laws), you may have rights to:

  • access, correct, or delete personal information;

  • object to or restrict processing;

  • data portability; and

  • withdraw consent where processing is based on consent.

You can exercise rights by contacting legal@godomains.bh. We will respond in accordance with applicable law. We may need to verify your identity and may not be able to fulfil requests that would adversely affect others’ rights or our legal obligations (e.g., registry/ICANN requirements).

Marketing communications: You can opt out via the link in our emails or by contacting us. Transactional/service emails will still be sent.

Cookies: Manage preferences in our Cookie Notice or your browser settings. Some features may not function without certain cookies.

10) Children’s Privacy

Our Services are not directed to children under 18, and we do not knowingly collect their personal data. If we learn we have collected such data, we will delete it and close the account.

11) Social Logins

If you choose to register or sign in via a social media account, we receive certain profile information from that provider as authorised by your settings. Use is limited to authentication and related purposes described here. We do not control the provider’s further use of your data; please review their privacy notices.

12) Do-Not-Track (DNT)

Industry standards for DNT signals are not yet uniform, so we do not currently respond to DNT. We will update this Policy if a standard becomes available and we are required to follow it.

13) Local Statements & Legal Bases

  • Kingdom of Bahrain (PDPL): We process personal data per Law No. 30 of 2018 (as amended) and applicable PDPA guidance. Where consent is required, you may withdraw it at any time. Certain processing is necessary to provide domain/hosting Services or to comply with registry/ICANN obligations.

  • EEA/UK: Our legal bases include contractlegitimate interestsconsentlegal obligation, and vital interests. We apply appropriate safeguards for international transfers.

  • California: We do not sell personal information as defined by CCPA/CPRA. You may request disclosures, corrections, or deletion, and opt out of certain sharing for cross‑context behavioural advertising via cookie controls.

14) Changes to This Policy

We may update this Policy from time to time. Changes will be posted with a new “Last Updated” date. Material changes may also be notified by email or prominent notice on the Sites.

15) Contact

Cloudme Digital Co. W.L.L.
Office 24, Building 624, Road 2808, Block 428, Seef 428, Kingdom of Bahrain
Email: legal@godomains.bh
Support: https://godomains.bh/contact

16) TLD‑Specific Supplements

Certain TLDs impose additional privacy and data handling obligations (eligibility verification, publication/redaction rules, retention, escrow). When you register a domain, the applicable TLD rules form part of your agreement. Where a TLD offers WHOIS Privacy/Proxy, we will explain available options during checkout or in your control panel. Where a TLD requires public display of certain fields, we will disclose only the minimum required.

17) WHOIS Privacy/Proxy Service

When you enable WHOIS Privacy/Proxy (where permitted):

  • Your public WHOIS/RDAP record will show proxy contact details controlled by us or our provider.

  • We will retain your underlying registrant data and disclose it only under lawful request, registry/ICANN policy, or with your consent.

  • Abuse handling and disclosure workflows follow applicable policies. We may forward validated contact requests or reveal data when legally required.

Where WHOIS Privacy/Proxy is not available due to registry rules, we will display only the fields required and provide alternative measures (role‑based email, contact form, or limited proxy) where feasible.