a) Scope and purpose The ICANN gTLD Applicant Guidebook sets out a requirement for all new gTLD registries to provide a Sunrise Dispute Resolution Policy (Module 5, Trademark Clearinghouse, paragraph 6). In addition, Identity Digital Inc. (“Identity Digital”) provides a dispute resolution mechanism for its Domains Protected Marks List service (“DPML”). This Sunrise and DPML Dispute Resolution Policy (the “Policy”) governs disputes arising out of or concerning the Sunrise service and DMPL offered by Identity Digital. Additional information regarding Sunrise and DPML is available on the Identity Digital Website. b) Definitions In this Policy, the following words and phrases have the following meanings:
Complainant: A person (legal or natural) who makes a complaint under this Policy.
Identity Digital Website: identity.digital
Identical Match: The domain name label is an identical match to the trademark, meaning that the label consists of the complete and identical textual elements of the mark in accordance with section 4.2.1 of the TMCH Guidelines. In this regard:
Panellist: The person or organisation appointed by the Provider to provide a written decision in relation to a dispute arising under this Policy.
Provider: The dispute resolution provider appointed by Identity Digital to administer resolution of disputes arising under this Policy.
Provider’s Website: https://oxil.uk/dispute-resolution/donuts-sunrise/
Respondent: The applicant or registrant of the domain name(s), or the DPML account holder subject to a complaint under this Policy.
SMD File: A signed mark data file issued by the TMCH signifying that the TMCH has verified that the trademark contained in the SMD File meets the requirements for inclusion in the TMCH in accordance with TMCH Guidelines in force at the time when a complaint under this Policy is filed.
Sunrise: That period of time during which holders of SMD Files may submit domain name applications for a TLD before registration becomes available to the general public
TMCH: Trademark Clearinghouse (http://www.trademark-‐clearinghouse.com).
TMCH Guidelines: Guidelines published by the TMCH for mark holders and agents to inform them about the eligibility requirements for inclusion of marks in the TMCH and participation in sunrise services (currently available at http://www.trademark- clearinghouse.com/sites/default/files/files/downloads/TMCH%20guideli nes%20v1.1_0.pdf).
c) End-‐Date Sunrise Identity Digital utilizes an end-‐date Sunrise process, meaning Sunrise registrations will not occur during Sunrise. Rather, at the end of Sunrise, sole applicants meeting all Sunrise criteria for an available domain will be awarded their applied-‐for domain. Other than the requirement to submit a valid SMD File with Sunrise applications, Identity Digital does not apply allocation criteria in its Sunrise application process. If there are multiple applicants for an available domain, those applicants will go to auction at the end of Sunrise after which the auction winner will be allocated the domain. Additional information regarding Sunrise and the auction process is available on the Identity Digital Website. d) Trademark validation and SMD File fraud The TMCH is responsible for maintaining Sunrise eligibility requirements, validating and authenticating marks (as applicable), and hearing challenges regarding validity of a mark or SMD File. When processing Sunrise applications, Identity Digital relies on the validity of mark holder information contained in SMD Files provided by the TMCH. Disputes regarding the validity of an SMD File are subject to a separate TMCH dispute process and should be submitted to the TMCH using its dispute resolution procedures outlined in https://trademark-clearinghouse.com/dispute prior to initiation of a complaint under this Policy. In the event the TMCH reports fraud in an SMD File or a Sunrise application, Identity Digital may disqualify the Sunrise application or, in the event that fraud is detected after the Sunrise period, delete the applicable domain name(s).
Prior to initiating a dispute under this Policy, potential Complainants must submit complaints to Identity Digital at legal@identity.digital. When possible, Identity Digital may attempt to resolve the issue internally without charge. If, in the opinion of Identity Digital, the matter would be more appropriately dealt with by the TMCH, Identity Digital will advise the potential Complainant accordingly. If the complaint relates to a registry process error, Identity Digital will investigate and if upheld seek to resolve such errors internally without charge. In the event Identity Digital, in its discretion, is unable to resolve the dispute, Identity Digital will notify the potential Complainant to submit its complaint to the Provider as outlined in this Policy.
Any person can raise a complaint under this Policy, subject to the following:
Identity Digital may in its sole discretion bar a Vexatious Complainant from future filing under this Policy.
4.1 Sunrise complaints To prevail in a Sunrise dispute under this Policy, a Complainant must prove by clear and convincing evidence that any of the following grounds apply:
4.2 DPML complaints To prevail in a DMPL dispute, a Complainant must prove by clear and convincing evidence that any of the following grounds apply:
Questions or disputes regarding the ability of a mark holder to override a DPML block should be addressed to Identity Digital at DPML@identity.digital. Additional information regarding DPML is available on the Identity Digital Website.
5.1 Timing of submission
5.2 Format of submission All submissions, including any annexes, under this Policy must be lodged electronically via the appropriate form on the Provider’s Website. 5.3 Providing evidence
The complaint must conclude with the following statement for and on behalf of the Complainant: “Complainant agrees that its claims and remedies concerning the registration of the domain name, the dispute, or the dispute’s resolution shall be solely against the Respondent and waives all such claims and remedies against (a) the dispute resolution provider and panellists except in the case of deliberate wrongdoing, (b) the registrar, (c) Identity Digital, its directors, officers, employees, affiliates and agents, and (d) ICANN as well as their directors, officers, employees and agents.” “Complainant certifies that the information contained in this complaint is to the best of Complainant’s knowledge complete and accurate, that this complaint is not being presented for any improper purpose, such as to harass, and that the assertions in this complaint are warranted under this Policy and under applicable law, as it now exists or as it may be extended by a good faith and reasonable argument.” Annex any documentary or other evidence upon which the Respondent relies, together with a schedule indexing all documents.
The response must conclude with the following statement for and on behalf of the Respondent: “Respondent certifies that the information contained in this response is to the best of Respondent’s knowledge complete and accurate and that the assertions in this response are warranted under this Policy and under applicable law, as it now exists or as it may be extended by a good faith and reasonable argument.” Annex any documentary or other evidence upon which the Respondent relies, together with a schedule indexing such documents.
The Panellist is not required to consider any further statements submitted by or on behalf of the parties in relation to any administrative proceeding under this Policy.
A Panellist shall be impartial and independent and shall have, before accepting appointment, disclosed to the Provider any circumstances giving rise to justifiable doubt as to the Panellist’s impartiality or independent. If, at any stage during the administrative proceeding, new circumstances arise that could give rise to justifiable doubt as to the impartiality or independence of the Panellist, the Panellist shall promptly disclose such circumstances to the Provider. In such event, the Provider shall have the discretion to appoint a substitute Panellist.
No party or anyone acting on its behalf may have any unilateral communication with the Panellist. All communications between a Party and the Panellist shall be made through the Provider.
The Provider shall forward the file to the Panellist as soon as appointed.
There shall be no in-‐person hearings (including hearings by teleconference, video conference or web conference).
16.1 Basis of decision
16.2 Communication of decision to the parties Within five (5) days after receiving the decision from the Panellist, the Provider shall communicate the full text of the decision to each party, the applicable registrar, and Identity Digital.
Identity Digital will implement the remedy as directed by the Panellist’s decision unless Identity Digital has received within ten (10) days of issuance of such decision official documentation (such as a copy of a complaint, file-‐stamped by the clerk of the court) that the Complainant or Respondent has commenced and served a lawsuit against the other party/parties in another venue. If Identity Digital receives such documentation within the ten (10) day period, Identity Digital will not implement the decision, and will take no further action, until Identity Digital receives (i) satisfactory evidence of a resolution between the parties; (ii) satisfactory evidence that the lawsuit has been dismissed or withdrawn; or (iii) a copy of an order from such court dismissing the lawsuit or ordering that a party/parties have no right to the domain name(s) in dispute.
On initiation of a complaint under this Policy, the disputed domain name(s) will be locked against modification or transfers between registrants and/or registrars, and against deletion.
The dispute process set forth in this Policy does not prevent either party from submitting a dispute concerning the domain name to another administrative proceeding (e.g. UDRP or URS) or to a court of competent jurisdiction. Such activity may be initiated during the Sunrise or DMPL dispute resolution process or after such proceeding is concluded. The party initiating such activity must immediately provide the Provider with notice of commencement of such activity, whereupon any active proceedings under this Policy will be stayed pending the outcome of the proceedings so initiated.
Except in the case of deliberate wrongdoing, neither Identity Digital, the Provider, nor any Panellist shall be liable to a party for any act or omission in connection with any administrative proceeding under this Policy.
The language of proceedings shall be English. All communications shall be in English. It is the responsibility of the parties to provide certified translations into English of all documents and supporting evidence whose original is in any other language, along with a copy of the original.
This Policy is subject to change in Identity Digital discretion. It is the obligation of the parties to check the most recent version of this Policy as published on the Identity Digital Website. The version of this Policy in effect at the time of submission of the complaint to the Provider shall apply to the relevant administrative proceeding.
Last Updated: May 14, 2025
This Privacy Policy describes how Identity Digital Inc. and our subsidiaries and affiliated companies (collectively, “Identity Digital,” “we,” or “us”) collect, use, disclose, and otherwise process information about you if you:
This Privacy Policy does not apply in all circumstances. For example, Identity Digital may operate as a “data processor” for certain third-party registry operators. In those instances, we handle domain name registrant personal information on behalf of such registry operators, subject to the terms of our agreements with them. Please carefully review the terms associated with registry operators you work with. In addition, Identity Digital may also provide different or additional notices of our privacy practices for certain offerings, in which case those notices will supplement or replace the disclosures in this Privacy Policy.
We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy. If we make material changes, we will provide you with additional notice (such as by notifying your registrar, adding a statement to our Websites, or sending you a notification). We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.
The information we collect about you depends on which Products you use and how you use our Websites or otherwise interact with us. In this section, we describe the categories of information we collect and the sources of this information.
We collect information you provide directly to us. For example, we collect information directly from you when you fill out a form on one of our Websites, create an account with us, request customer support, connect with us via email, or otherwise communicate with us. The types of information that we collect directly from you include your name, email address, postal address, phone number, and any other information you choose to provide. If you are a registrar or other party making a payment to us, we work with a third-party payment processor to process your payment information.
We automatically collect information about your interactions with us, including:
We obtain information from other sources. For example, you may purchase one of our registration products from your registrar, in which case they may provide us with certain information including your registrant name, organization, address, email, fax, phone number, and contact information for various stakeholders, including administrative, technical, and billing contacts. We may also collect information from entities that gather and license business contact information, industry partners, and advertising networks.
We may derive information or draw inferences about you based on the information we collect. For example, if you use our Domain Engine Product or visit our Websites, we may make inferences about your approximate location based on your IP address.
We use the information we collect in the following ways:
We engage others to provide analytics services, advertise Identity Digital and our Products to you on third-party sites and services, and perform related services across the web and in mobile applications. To do this, Identity Digital and these partners may use cookies, web beacons pixels, SDKs, and similar technologies to collect information about your use of our Websites and third-party services, including your device identifiers, IP address, web browser and mobile network information, pages viewed, time spent on pages or in mobile apps, links clicked, and conversion information. This information is used to deliver advertising targeted to you on other companies’ websites and mobile apps, understand the effectiveness of this advertising, analyze and track data, and better understand your activity. When you arrive on our site, you will be presented with consent options upon arriving at our websites and can subsequently change those choices using the “Your Privacy Choices” link. Your choice will be linked to your browser only; therefore, you will need to renew your selections if you visit our website from a new device or browser, or if you clear your browser’s cookies.
In addition to ad targeting activities that rely on cookies and similar technologies, we work with advertising partners to translate other identifiers, such as your email address or phone number, into a unique identifier (called a hashed value) that such partners can then use to show ads that are more relevant to you across the web and in mobile apps. You may opt out of these disclosures by contacting us at privacy@identity.digital.
The activities described in this section may constitute “sharing,” or “selling” under the California Consumer Privacy Act. See the Additional Information for California Residents section below for details.
You can also learn more about interest-based ads, or opt out of having your web browsing information used for behavioral advertising purposes by companies that participate in the Digital Advertising Alliance, by visiting www.aboutads.info/choices or www.youronlinechoices.eu (if you reside in Europe) or https://youradchoices.ca (if you reside in Canada). Your device may also include a feature that allows you to opt out of having certain information collected through mobile apps used for behavioral advertising purposes.
We disclose information about you as described in the Targeted Advertising and Analytics section above and in the following scenarios:
We also disclose aggregated or de-identified information that cannot reasonably be used to identify you. We maintain and use this information only in a de-identified fashion and will not attempt to re-identify such information, except as permitted by law.
You can update certain information stored within your account with us at any time by logging in and navigating to the settings menu.
Identity Digital uses cookies and similar tracking technologies on our Websites, as described above. You can usually adjust your browser settings to remove or reject browser cookies. In addition, if you are in the United States, you may opt out of cookie-based ad targeting on our website by clicking the link titled “Your Privacy Choices ” on the footer of our Websites. If you are outside of the United States, you will be presented with consent options upon arriving at our Websites and can subsequently change those choices using the “Cookies Settings” link.
You may opt out of receiving promotional emails from us by following the instructions in those communications. If you opt out, we may still send you non-promotional emails, such as those about your orders with us or our ongoing business relationship. Depending upon where you live, we may only send you promotional emails where we have your consent to do so.
California has enacted the California Consumer Privacy Act (“CCPA”), which grants California residents certain rights and requires specific disclosures. If you reside in California, this section applies to you and also serves as our California notice at collection.
In the preceding sections, we explain how we collect, use, and disclose information about you, as well as our targeted advertising and analytics practices. As required by the CCPA, we use the tables below to explain this same information.
Use and Disclosure of Personal Information for Business Purposes
We do not collect information that is deemed “sensitive” under the CCPA.
As described in the Collection of Information section above, we collect personal information from various sources, including directly from you, automatically when you access or use our Websites or Domain Engine Product, from registrars and from other third-party sources.
We retain personal information for as long as necessary to carry out the purposes for which we originally collected it and for other purposes described in this Privacy Policy.
Sales and Sharing Activities
We also disclose certain categories of personal information to show you targeted ads on third-party properties and for related purposes. These disclosures may be considered “sales” or “sharing” under the CCPA, and the table below provides more information about our practices.
We do not engage in sales, sharing, or targeted advertising using personal information about consumers we know to be under the age of 18.
Opt Out of Sales and Sharing
You may opt out of activities that we engage in that constitute “sharing” or “sales” of personal information under the CCPA by:
If you reside in California, you can also opt out by visiting our website with a legally recognized universal opt-out signal enabled, such as the Global Privacy Control.
Access, Correction, and Deletion
If you are a California resident, you have the right to (1) request to know more about and access your personal information, including in a portable format, (2) request deletion of your personal information, and (3) request correction of inaccurate personal information.
To request access, correction, or deletion of your personal information, please contact us at privacy@identity.digital. To authenticate your request, we may ask you to provide some additional information, such as about previous interactions with us.
Nondiscrimination
You have the right not to be discriminated against for exercising any of your privacy rights.
Authorized Agents
You may also designate an authorized agent to submit rights requests on your behalf. For access, correction, or deletion requests, we may ask authorized agents to submit proof of their authority to make a request, such as a valid power of attorney or proof that they have signed permission from the consumer who is the subject of the request. In some cases, we may contact the individual who is the subject of the request to verify their own identity or confirm the authorized agent has permission to submit the request. If you are an authorized agent seeking to make a rights request on behalf of a California resident, please email us at privacy@identity.digital.
Identity Digital is based in the United States, and we and our service providers process and store personal information on servers located in the United States and other countries. Whenever we make restricted international transfers of personal information, we take steps to ensure that your personal information receives an adequate level of protection (by putting in place appropriate safeguards, such as contractual clauses) or ensure that we can rely on an appropriate derogation under data protection laws. Where relevant, you may request access to any safeguard which we use to transfer your personal information outside of the European Economic Area, the United Kingdom, or Switzerland (although we may need to redact data transfer agreements for confidentiality reasons).
For personal information about EEA, Swiss, and UK individuals, Identity Digital complies with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks and the UK Extension to the EU-U.S. Data Privacy Framework (collectively, the “Frameworks”), each as set forth by the U.S. Department of Commerce. As described in our Frameworks certification, Identity Digital has certified that it adheres to the Frameworks Principles with regard to the processing of personal information received from the EEA, Switzerland, and the UK in reliance on the Frameworks. In accordance with the Frameworks, we remain responsible under the Onward Transfer Principle for personal information that we disclose to third parties for processing on our behalf. To learn more about the Frameworks or to view our certification, please visit the Frameworks website. The Federal Trade Commission has jurisdiction over Identity Digital’s compliance with the Frameworks.
Identity Digital commits to resolve Frameworks Principles-related inquiries and complaints about our processing of personal data under the Frameworks. Individuals located in the EEA, UK, and Switzerland can contact us with inquiries or complaints at privacy@identity.digital. If we are unable to resolve the complaint, such individuals may refer the complaint to your local data protection authority, and we will work with them to resolve the issue. Contact details for the relevant data protection authorities can be found using the links below:
In certain circumstances, the DPF provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Framework Principles.
The following US-based Identity Digital affiliates adhere to the Frameworks: Afilias Inc.; Afilias USA, Inc.; Binky Moon, LLC; Covered TLD, LLC.; Dog Beach, LLC; Domain Protection Services, Inc.; Domainsite, Inc.; Dozen Donuts, LLC; DTLD Holdings, LLC; DTLD Parent, Inc.; Identity Digital Capital LLC; Identity Digital Inc.; Identity Digital Ventures LLC; Monolith Registry, LLC; Name.com, Inc.; Name.net, Inc.; Name105, Inc.; Name106, Inc.; Name117, Inc.; Nametrust, LLC; Ruby Glen, LLC; Spring McCook, LLC.
The Identity Digital family of companies also includes the following non-U.S. based companies: Afilias (Shanghai) Information Technology Co., Ltd.; Afilias India Pvt. Ltd.; Afilias Resolution Services Ltd.; Capable Network Technology (Shanghai) Co., Ltd.; Domain Registry Services Ltd.; doMEn d.o.o.; Donuts (HK) Limited; Dot Global Domain Registry Ltd.; Global Website Asia Ltd.; Global Website TLD Asia Ltd; HOTEL Top-Level-Domain S.a.r.l.; Identity Digital Australia Pty Ltd.; Identity Digital Canada Corp.; Identity Digital Domains Ltd.; Identity Digital Holdings Ltd.; Identity Digital Limited; and Internet Computer Bureau Ltd..
If you are located in Europe or another jurisdiction that requires a lawful basis for processing personal information, please note that when we process your personal data as described in this Privacy Policy, we do so in reliance on the following lawful bases:
If you are located in Europe or another jurisdiction that grants you data subject rights, you have the right to (1) access your personal data, including in a portable format, (2) request erasure of your personal data, and (3) request correction of inaccurate personal data. In addition, you may have the right to object to certain processing or request we restrict certain processing. To exercise any of these rights, please email us at privacy@identity.digital.
If you have a concern about our processing of personal data, we encourage you to contact us in the first instance. However, if we are not able to resolve it, you may have the right to lodge a complaint with the Data Protection Authority where you reside (if you live in the EEA, UK, or Switzerland, see links in the International Data Transfers section for contact information).
If you are a Canadian resident, this section applies to you.
By submitting personal information to Identity Digital, our service providers, or our agents, you consent to the collection, use, disclosure, and transfer of your personal information in accordance with this Privacy Policy and as permitted or required by law.
You may withdraw your consent at any time to the collection, use, disclosure, or transfer of your personal information by contacting Identity Digital as set forth in the Contact Us section below. If you withdraw your consent (or if you decide not to provide certain personal information), you acknowledge that Identity Digital may not be able to provide you, or continue to provide you, with certain products, services, or information that may be of value to you.
Identity Digital will only send you commercial electronic messages (“CEMs”) where we have your express or implied consent to do so. Your consent to receive CEMs is implied where we have an existing business relationship with you, or you have reached out to us and made an inquiry within a certain time frame. You may unsubscribe from receiving CEMs at any time, by clicking the unsubscribe button on an email. If you opt out, we may still send you non-promotional messages, such as those about your account or our ongoing business relations.
If you have questions about this Privacy Policy, please contact us at privacy@identity.digital.