בס״ד

Privacy Policy

Last updated: January 2026

1. Overview

DNSX is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our network diagnostic tools.

2. Information We Collect

Query Data

When you use our tools, we process the domain names, IP addresses, and other identifiers you submit for lookup. This data is used solely to perform the requested lookup and may be temporarily cached to improve performance.

Automatically Collected Information

We automatically collect the following information:

  • IP address (for rate limiting and abuse prevention)
  • Browser type and version (User-Agent)
  • Operating system
  • Referring website
  • Pages visited and time spent

API Usage Data

For API requests, we collect the following data to ensure service reliability and prevent abuse:

  • IP address
  • API endpoint accessed
  • HTTP method
  • Response status code
  • Response time
  • User-Agent string

This data is used for rate limiting, abuse prevention, and service optimization. Detailed API usage logs are retained for 90 days. Aggregated, anonymized usage statistics are retained for up to 1 year for capacity planning and service improvement purposes.

One-Time Secrets

If you use our One-Time Secret (OTS) feature, your secret content is encrypted and stored temporarily until it is viewed once, at which point it is permanently deleted from our servers. We cannot access the content of your secrets.

3. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR) Article 6, we process your personal data based on the following legal grounds:

  • Contract Performance (Article 6(1)(b)): Processing necessary to provide you with the services you request, including DNS lookups, IP geolocation, WHOIS queries, and other network diagnostic tools.
  • Legitimate Interest (Article 6(1)(f)): Processing necessary for our legitimate interests, specifically:
    • Rate limiting and abuse prevention to maintain service availability
    • Cookie-less analytics to understand usage patterns and improve the service
    • Security monitoring to protect against attacks and unauthorized access

4. How We Use Information

We use collected information to:

  • Provide and maintain the Service
  • Improve and optimize the Service
  • Prevent abuse and enforce rate limits
  • Analyze usage patterns to improve user experience
  • Respond to support requests

5. Data Retention

We retain different types of data for different periods:

  • Cached lookup results: Up to 1 hour to improve performance
  • Detailed API usage logs: 90 days for security and debugging
  • Aggregated usage statistics: Up to 1 year for capacity planning
  • One-Time Secrets: Deleted immediately after viewing or upon expiration

6. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

  • To comply with legal obligations
  • To protect and defend our rights and property
  • To prevent or investigate possible wrongdoing
  • With your explicit consent

7. Third-Party Services

Our Service interacts with third-party services to provide lookup functionality. When you perform lookups, your query data may be transmitted to these services:

DNS Resolvers

Domain names you query are sent to public DNS resolvers including:

  • Google Public DNS (8.8.8.8, 8.8.4.4)
  • Cloudflare DNS (1.1.1.1, 1.0.0.1)
  • Quad9 (9.9.9.9)
  • OpenDNS (208.67.222.222, 208.67.220.220)

WHOIS/RDAP Servers

For domain registration lookups, domain names are sent to authoritative WHOIS and RDAP servers operated by registries including:

  • Verisign (for .com, .net domains)
  • Public Interest Registry (PIR) (for .org domains)
  • Country-code TLD registries
  • Other gTLD registry operators

Regional Internet Registries (RIRs)

For IP address lookups, IP addresses may be queried against RDAP/WHOIS servers operated by:

  • ARIN (American Registry for Internet Numbers)
  • RIPE NCC (Europe, Middle East, Central Asia)
  • APNIC (Asia-Pacific)
  • LACNIC (Latin America and Caribbean)
  • AFRINIC (Africa)

IP Geolocation

We use MaxMind GeoIP databases that are stored locally on our servers. IP geolocation lookups do not result in your IP address being transmitted to external services.

Analytics

We use internal, server-side analytics only. No third-party analytics scripts are loaded in your browser. Key privacy features:

  • Cookie-free: No cookies are set for analytics purposes
  • Server-side only: No client-side tracking scripts
  • No cross-site tracking or fingerprinting
  • All analytics data remains on our own servers

8. Cookies and Tracking

We take a privacy-first approach to cookies and tracking:

  • No advertising cookies: We do not use any advertising or marketing cookies.
  • No tracking cookies: We do not use third-party tracking cookies or cross-site tracking mechanisms.
  • Cookie-free analytics: Our server-side analytics do not use cookies or client-side tracking.
  • Essential cookies only: We may use strictly necessary session cookies for security purposes (e.g., CSRF protection) if required by specific features. These are first-party cookies essential for the service to function.

9. Security

We implement reasonable security measures to protect your information. However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification (Article 16): You have the right to request correction of any inaccurate personal data we hold about you.
  • Right to Erasure (Article 17): You have the right to request deletion of your personal data, subject to certain exceptions.
  • Right to Restrict Processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Object (Article 21): You have the right to object to processing of your personal data based on legitimate interests.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected the information, the business purpose for collecting the information, and the categories of third parties with whom we share the information.
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale: We do NOT sell your personal information to third parties. We have not sold personal information in the preceding 12 months and do not have plans to do so.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. You will not receive different prices, quality of service, or any other discriminatory treatment for exercising your rights.

To submit a request, please contact us at [email protected]. We will verify your identity before processing your request.

12. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

14. Contact

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: