Privacy Policy

Last Updated: January 25, 2026

1. Introduction

RocketDNS ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you subscribe to our Secondary DNS service. We adhere to the principles of GDPR, CCPA, and PIPEDA to ensure your rights are respected.

2. Information We Collect

We collect only the data necessary to provide and improve our service:

  • Account Information: Name, email address, password hash, and billing details (processed securely via Stripe).
  • Service Data: Domain names, zone files (DNS records), and IP configurations you input.
  • Operational Logs: IP addresses interacting with our API or Dashboard, and metadata regarding DNS query volume (for billing purposes).

3. Data Retention

We retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy.

  • Account Data: Retained for the lifetime of your account plus 2 years for audit/tax compliance.
  • DNS Query Logs: Retained for a maximum of 30 days for debugging and security analysis, after which they are aggregated or deleted.

4. Your Rights (GDPR & CCPA)

Depending on your location, you may have the following rights regarding your personal data:

  • The right to access: You have the right to request copies of your personal data.
  • The right to rectification: You have the right to request that we correct any information you believe is inaccurate.
  • The right to erasure: You have the right to request that we erase your personal data ("Right to be Forgotten"), subject to legal billing retention requirements.
  • The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you.

To exercise these rights, please contact us at privacy@rocketdns.io.

5. Cookies and Tracking

We use minimal cookies strictly necessary for the operation of the dashboard:

  • Session Cookies: To keep you logged in securely (`rocketdns_session`).
  • XSRF-TOKEN: To prevent Cross-Site Request Forgery attacks.

We do not use third-party advertising cookies or sell your browsing data to ad networks.

6. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption of data in transit (TLS 1.2+) and encryption of sensitive secrets (API tokens, Webhook keys) at rest.