Supplemental Centralized Zone Data Services (CZDS) Policy

I. Introduction

  1. Citigroup ("Registry Operator") will provide access to data contained in the DNS zone file of the .CITI Top Level Domain (the "Data") to a requester, who may be an individual(s), association, corporation, partnership, proprietorship, trust or any other recognized legal entity (hereinafter, a "User"), in accordance with Specification 4 of Registry Operator's Registry Agreement with ICANN ("Registry Agreement"), and subject to verification of User's credentials and User's agreement that the Data will only be used for lawful and non-commercial purposes.
  2. This policy is intended to supplement the Terms & Conditions of the CZDS ("CZDS T&C") located at https://czds.icann.org/en/terms/terms-and-conditions-1 so that taken together, this policy and the CZDS T&C describe how Registry Operator will review requests for access to the Data and revoke such access.

II. Credentialing Requirements and Requests

  1. User must submit its request for the Data through ICANN's Centralized Zone Data Service ("CZDS") located at https://czds.icann.org/ and must agree to the CZDS T&C.
  2. Registry Operator will approve valid requests that satisfy all of the following elements.
    1. A complete and accurate list of information sufficient for Registry Operator to correctly identify and locate User, including without limitation:
      1. Company name
      2. Contact name (first and last name)
      3. Address (including city, state, zip code and country)
      4. Telephone number
      5. Facsimile number (if available)
      6. Email address
      7. IP address.
    2. A complete statement of the true and legitimate reason(s) for which User requests access.

III. Validation and Verification

Registry Operator may attempt to validate and verify any information provided by User, including without limitation by contacting User via phone, email or postal mail. Registry Operator may deny requests that are not timely validated or verified.

IV. Extended Access

A User may request extended access to the Data beyond the mandatory minimum access period of ninety (90) calendar days. Users who would like to receive extended access should also include the following additional information in the request:

  1. User's primary occupation (e.g., law enforcement officer, intellectual property attorney, security researcher);
  2. A complete statement of the steps User will take to protect against unauthorized access to and use and disclosure of the Data;
  3. The statement by User, or a representative or agent authorized to act on User's behalf, of the following: "I, [Full Name of User], as User, [an authorized representative or agent of User,] under penalty of perjury, certify that the information in this request is accurate; that User will access and use the Data for lawful purposes only and in compliance with all legal and regulatory requirements applicable to Citigroup; that User will take all reasonable steps to protect against unauthorized access to and use and disclosure of the Data to any third party; that User will not access or use the Data for any marketing activities; and that User will not access or use the Data to enable high volume, automated, electronic processes that send queries or data to the systems of Citigroup, any registrar, or any registrant.;
  4. An electronic signature of User, or User's representative, or an agent authorized to act on User's behalf. To satisfy this element, User, or User's authorized representative or agent, may type his or her full legal name (a first and last name) between forward slashes (followed by, if applicable, a company name and title) to act as a signature at the bottom of the request.

Registry Operator may, in its sole and absolute discretion, grant User requests for extended access for an initial period of up to one (1) year, with the possibility to renew access upon submission of a new request for the Data, based on the provision of this additional voluntary information in the request.

V. Rejection and Revocation

  1. ICANN or Registry Operator may reject any request that does not satisfy any of the Credentialing Requirements described above, such that the request:
    1. Lacks sufficient information to correctly identify and locate User.
    2. Lacks credible or sufficient detail about User's intended use of the Data, leading Registry Operator to believe that User is reasonably likely to do any of the following:
      1. access or use the Data for unlawful or abusive purposes, or otherwise not in compliance with all applicable laws and regulations;
      2. access or use the Data, or permit the Data to be accessed or used to harass, annoy, interrupt, disrupt, or interfere in the normal business operations or any registrant, including Registry Operator;
      3. access or use the Data, or permit the Data to be used for any marketing purposes;
      4. access or use the Data in a manner that threatens the operational stability and security of the Internet;
      5. distribute the Data to any other party without the express prior written consent of Registry Operator;
      6. fail to take all reasonable steps to protect against unauthorized access to or use or disclosure of the Data to any third party; or
      7. use the Data in a manner that otherwise contravenes the spirit of this policy or the CZDS T&C.
  2. Registry Operator may revoke User's access to the Data at any time, without notice, for any reason in Registry Operator's sole and absolute discretion, including failure to comply with the CZDS T&C or any of the terms above

VI. Timeline and Term

Registry Operator will process valid requests within sixty (60) calendar days of receipt. If approved, Registry Operator will provide User a nonexclusive, nontransferable, limited right to access the Data for a period of ninety (90) calendar days. Upon the term's conclusion, User must submit any request to renew access through the CZDS. Registry Operator may, in its sole and absolute discretion, grant User requests for extended access for a period of up to one (1) calendar year, as discussed above.

VII. About this Policy

Registry Operator may modify this policy at any time without prior notice, for example to reflect changes in the law or changes to the CZDS. Registry Operator may post notice of modifications to these terms on its NIC.CITI webpage or this webpage, so please periodically check for updates.

This policy and the CZDS T&C serve the same purpose, and are to be read and interpreted together as one single instrument.

For information about how to contact Citigroup, please visit our contact page.