Privacy Policy

1. Information Domex Collects

• Full name, email, phone number, password (stored as bcrypt hash).
• Legal documents: national ID/tax code, permanent address (only when listing a domain for sale).
• Bank account for disbursement.
• Transaction history, electronic contracts, digital signatures.
• Access logs, IP address, device information (for security and fraud prevention).

2. Purpose of Use

• Operating the domain marketplace (identity verification, contract signing, disbursement).
• Tax compliance: withholding personal income tax and VAT on behalf of individual Sellers.
• Security: detecting fraudulent behaviour and account takeover.
• Customer support: responding to inquiries and handling complaints.

3. Sharing of Information

• Payment partners PayOS/SePay: minimum information required to process the transaction.
• Mắt Bão registrar system: owner information to complete the domain transfer.
• Competent state authorities upon lawful request.
• Domex does not sell personal data to third parties.

4. Retention Period

• Electronic contracts and tax documents: minimum 5 years under Decree 117/2025.
• Access logs: 12 months.
• Deleted account records: hidden for 30 days then permanently deleted (except accounting documents).

5. Rights of Data Subjects (Decree 13/2023)

You have the right to: access, rectify, erase, restrict processing, object, withdraw consent, and lodge a complaint with the competent authority. Submit requests to privacy@domex.vn.

6. Technical Security

• HTTPS is mandatory across the entire platform (TLS 1.2+).
• Passwords are hashed with bcrypt (12 rounds); no plain-text storage.
• Secrets are managed via environment variables and are NOT committed to source code.
• Logs redact sensitive fields: password, token.

7. DPO Contact

Email: privacy@domex.vn · Hotline: 1900 1830