Privacy Policy
DNSnexus is designed to minimize data collection. Most tools operate without account creation. This policy explains exactly what we collect, why, and how long we keep it — with no buried clauses.
Contents
1. Who We Are
DNSnexus (thednsnexus.com) is a DNS, email, network, and security diagnostics platform. For the purposes of applicable data protection law, DNSnexus acts as the data controller of personal data collected through this website.
For privacy inquiries, data subject requests, or complaints, contact us at: privacy@thednsnexus.com
2. Data We Collect
2.1 Account Data (Monitor users only)
If you create a Monitor account, we collect:
- Email address (required for authentication and alert notifications)
- Name (optional, used for display purposes)
- OAuth identity tokens from Google if you sign in via Google (we receive your email and public profile only)
- Domain names you add to your monitoring dashboard
- Alert configuration preferences
2.2 Tool Input Data (All users)
When you use our diagnostic tools (DNS lookup, SSL checker, WHOIS, port scanner, etc.), you submit inputs such as domain names, IP addresses, or hostnames. We process these inputs to execute the requested diagnostic query. This data is:
- Not stored persistently for anonymous users — queries are processed in real-time and discarded
- Retained in server logs for up to 30 days for abuse prevention, security monitoring, and debugging before being anonymized or deleted
- Monitor account queries are associated with your account for dashboard display and history purposes
2.3 Technical & Usage Data (All visitors)
Our servers and analytics infrastructure automatically collect:
- IP address (used for rate limiting and geolocation of tool requests; anonymized in aggregate analytics)
- Browser type, operating system, and screen resolution
- Referring URL and pages visited on the site
- Request timestamps and response codes
- Aggregate tool usage counts (not linked to individual identity)
2.4 Cookie Data
We use cookies and local storage for authentication sessions, theme preferences, and with your consent, usage analytics. See our Cookie Policy for the full list.
3. How We Use Your Data
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide diagnostic tool results | Tool inputs, IP address | Contract / Legitimate interests |
| Monitor account management | Account data, domain data | Contract performance |
| Send alert notifications | Email address, domain data | Contract performance |
| Prevent abuse and rate-limiting | IP address, request logs | Legitimate interests |
| Improve site performance | Usage data (aggregated) | Legitimate interests |
| Analytics (with consent) | Cookie data, usage patterns | Consent |
| Legal compliance | Any data as required | Legal obligation |
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we rely on the following legal bases under GDPR Article 6:
- Contractual necessity (Art. 6(1)(b)) — processing required to provide Monitor account features you requested
- Legitimate interests (Art. 6(1)(f)) — security monitoring, abuse prevention, basic anonymous analytics, and service operation. Our legitimate interests do not override your fundamental rights.
- Legal obligation (Art. 6(1)(c)) — where we must retain records to comply with applicable law
- Consent (Art. 6(1)(a)) — non-essential analytics cookies, where you have given explicit, freely withdrawn consent via our cookie banner
You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
5. Third-Party Processors
We share data with the following service providers who process data on our behalf under data processing agreements (DPAs) that require them to protect your data:
| Processor | Purpose | Location |
|---|---|---|
| Vercel Inc. | Hosting, edge CDN, serverless functions | USA (GDPR DPA available) |
| Supabase Inc. | Authentication, database (Monitor accounts) | USA (GDPR DPA available) |
| Resend Inc. | Transactional email alerts | USA (GDPR DPA available) |
| Cloudflare Inc. | DDoS protection, DNS resolution | USA (GDPR DPA available) |
We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Monitor account data | Until account deletion request, then purged within 30 days |
| Tool query server logs | 30 days, then anonymized or deleted |
| Anonymized aggregate analytics | Up to 24 months |
| Alert event history | 90 days rolling window |
| Financial/payment records | 7 years (legal obligation) |
| Abuse/security incident records | Up to 2 years for incident response |
7. Your Rights
Depending on your jurisdiction, you may have the following rights over your personal data. To exercise any right, email privacy@thednsnexus.com. We will respond within 30 days (GDPR) or 45 days (CCPA).
8. International Data Transfers
Our infrastructure is operated primarily in the United States. If you access DNSnexus from the EEA, UK, or Switzerland, your data may be transferred to and processed in a country with different data protection standards.
Where we transfer data outside the EEA/UK, we rely on appropriate safeguards, including the EU Standard Contractual Clauses (SCCs) and UK International Data Transfer Agreements (IDTAs) incorporated into our data processing agreements with processors listed in Section 5.
9. Children's Privacy
DNSnexus is not directed to children under 13 years of age (or under 16 in the EEA/UK where applicable). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@thednsnexus.com and we will promptly delete that information.
11. California Residents (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you specific rights:
- Right to Know — request disclosure of personal information collected, used, disclosed, or sold in the past 12 months
- Right to Delete — request deletion of personal information, subject to exceptions
- Right to Correct — request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing — we do not sell or share your personal information with third parties for cross-context behavioral advertising
- Right to Non-Discrimination — we will not discriminate against you for exercising CCPA rights
To submit a verifiable consumer request, email privacy@thednsnexus.com with subject line "CCPA Request". We will respond within 45 calendar days.
12. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last Updated" date at the top of this page. For significant changes affecting Monitor account holders, we will notify you by email at least 30 days before the changes take effect. Continued use of the site after changes become effective constitutes your acknowledgment of the updated policy.
13. Contact & Complaints
For any privacy-related question, data subject request, or concern, contact us at:
Website: https://www.thednsnexus.com
Response time: within 30 days
If you are in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk. In Ireland, the Data Protection Commission (DPC) at dataprotection.ie.