Privacy Policy

1. Introduction

XSR Corporation ("we," "us," or "the Company") is a domain name registry operator. We recognize the protection of personal information as a critical responsibility. This Privacy Policy ("Policy") describes how we collect, use, and share personal information.

We process personal information in compliance with Japan's Act on the Protection of Personal Information (APPI), the EU General Data Protection Regulation (GDPR), and the rules established by ICANN (Internet Corporation for Assigned Names and Numbers).

2. Information We Collect

2.1 Information Collected Directly

• Name, email address, phone number, and company name provided through contact forms
• Business information submitted during partner (registrar) applications
• Technical information associated with website access (IP address, browser information, access logs)

2.2 Information Collected Indirectly Through Registrars

• Domain name registrant name or organization, address, phone number, and email address
• Technical and administrative contact information
• Nameserver information
• Transaction data related to domain name registration, renewal, and transfer

3. How We Use Your Information

• Domain name registration, maintenance, management, and related services
• Operation of WHOIS/RDAP services (fulfillment of obligations under ICANN contracts)
• Stable operation of DNS infrastructure
• Detection, prevention, and response to security incidents, including DNS abuse
• Fulfillment of obligations under ICANN and related contracts (including data escrow)
• Responding to inquiries and providing support
• Service improvement and statistical analysis (using anonymized data)
• Compliance with legal obligations

4. WHOIS/RDAP Data

We publish certain domain name registration data through WHOIS and RDAP (Registration Data Access Protocol) in accordance with our ICANN Registry Agreement.

4.1 Published Information

• Domain name, registrar name, and nameserver information
• Domain registration date, expiration date, and last updated date
• Domain status and DNSSEC signing status

4.2 Non-Public Information

For privacy protection, registrant personal contact information (name, address, phone number, email address) is not published by default, in accordance with applicable laws and ICANN policies. Disclosure requests from third parties with legitimate purposes are evaluated on a case-by-case basis under the ICANN Temporary Specification and applicable law.

5. Sharing with Third Parties

We do not share personal information with third parties except in the following cases:

• ICANN: Data escrow submissions and reporting obligations under the Registry Agreement
• Accredited Registrars: Domain name registration data shared through the EPP protocol
• Law Enforcement: When required by law or legitimate legal process
• Dispute Resolution Providers: Data provision in UDRP and similar proceedings
• Service Providers: Third parties who process data on our behalf with appropriate safeguards
• With Your Consent

6. Cookies

• Essential Cookies: Required for basic website functionality
• Analytics Cookies: Used to analyze website usage and improve services (e.g., Google Analytics)

You can refuse cookies through your browser settings, though some features may not function properly.

7. Data Retention

• Domain name registration data: During the registration period and 3 years after expiration
• Inquiry information: 1 year after resolution
• Access logs: 1 year from collection
• ICANN data escrow: As required by the ICANN contract

Where retention is required by law, data is kept for the legally mandated period.

8. Your Rights

You have the following rights regarding your personal information held by us:

• Access: Request confirmation of personal information we hold
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of personal information (except where ICANN contractual obligations apply)
• Restriction: Request restriction of processing

Individuals located in the EEA may additionally exercise rights to data portability, restriction of processing, and objection under the GDPR.

9. International Data Transfers

Due to the nature of DNS infrastructure operations, personal information may be processed on servers located outside of Japan. In such cases, we implement appropriate safeguards including EU Standard Contractual Clauses (SCCs).

10. Security Measures

• Encryption of communications (TLS/SSL)
• Access controls and authentication
• Employee training on personal information protection
• Internal policies and procedures for data handling
• Regular review and improvement of security measures

11. Changes to This Policy

We may update this Policy due to changes in law, ICANN policy revisions, or other circumstances. Material changes will be notified in advance on our website.

12. Contact Us

For inquiries regarding the handling of personal information, please contact: