Privacy Policy
Last Updated: January 30, 2026
1. Introduction
RocketDNS Inc. ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you subscribe to our Secondary DNS service.
We adhere to the principles of the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Personal Information Protection and Electronic Documents Act (PIPEDA), as well as applicable provincial privacy laws in Quebec, to ensure your rights are respected.
2. Role of Paddle (Merchant of Record)
Our order process is conducted by our online reseller and Merchant of Record, Paddle (Paddle.com).
- Data Collection by Paddle: When you purchase a subscription, the personal data required for the transaction (including your name, address, credit card number, and tax identification) is collected and processed directly by Paddle in accordance with their Privacy Policy.
- Data Sharing: RocketDNS does not store, process, or have access to your full credit card number or sensitive payment instrument details. We only receive the data necessary for service fulfillment and account management, such as your email address, name, and subscription validity status (e.g., active, past_due, cancelled).
3. Information We Collect
We collect only the minimum amount of data necessary to provide, secure, and improve our service:
A. Information You Provide
- Account Information: Name, email address, and encrypted password hash.
- Service Data: Domain names, zone files (DNS records), and IP configurations you input into the dashboard or API.
B. Information Collected Automatically
- Operational Logs: IP addresses interacting with our API or Dashboard for security auditing.
- DNS Traffic Metadata: We collect aggregate metadata regarding DNS query volumes (QPS) to enforce our Fair Use Policy and billing tiers. We do not log the content of DNS queries (e.g., which end-users are visiting your domains) for commercial tracking or advertising purposes.
4. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To propagate your DNS records across our global infrastructure.
- Billing & Account Management: To verify your subscription status with Paddle.
- Security: To detect and prevent abuse, DDoS attacks, and unauthorized access.
- Communication: To send you transactional emails (e.g., password resets, invoice receipts, downtime alerts).
5. Data Retention
We retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy.
- Account Data: Retained for the lifetime of your account plus 2 years following cancellation for audit, tax, and legal compliance purposes.
- DNS Query & Security Logs: Retained for a maximum of 30 days for debugging, performance monitoring, and security analysis, after which they are permanently deleted or anonymized.
6. Your Rights (GDPR, CCPA, & Quebec Law 25)
Depending on your location, you have specific rights regarding your personal data:
- Right to Access: You have the right to request copies of your personal data.
- Right to Rectification: You have the right to request that we correct any information you believe is inaccurate.
- Right to Erasure: You have the right to request that we erase your personal data ("Right to be Forgotten"), subject to legal retention requirements for financial records.
- Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, in a structured, machine-readable format.
To exercise these rights, please contact our Data Protection Officer at privacy@rocketdns.io.
7. Cookies and Tracking
We use minimal cookies strictly necessary for the operation of the dashboard. We do not use third-party advertising cookies or sell your browsing data.
Analytics: We use Umami, a privacy-focused, open-source analytics solution. Umami does not use cookies, does not track you across websites, and collects only anonymized metrics to help us improve our service.
| Cookie Name | Purpose | Duration |
|---|---|---|
| rocketdns_session | Maintains your secure login session and authentication state. | Session |
| XSRF-TOKEN | Prevents Cross-Site Request Forgery (CSRF) attacks. | Session |
8. Data Security
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk:
- Encryption in Transit: All data transmitted between you and our services is encrypted using TLS 1.2 or higher.
- Encryption at Rest: Sensitive secrets (such as API tokens, TSIG keys, and Webhook secrets) are encrypted in our database.
- Access Controls: Access to production servers is restricted to authorized personnel using strict multi-factor authentication (MFA).
9. International Data Transfers
RocketDNS is headquartered in Quebec, Canada. However, our DNS infrastructure is global. By using the Service, you acknowledge that your DNS Zone Data (public records) will be replicated to servers in multiple jurisdictions (including the US, EU, and Asia) to ensure global availability and performance. Personal account data remains hosted in our primary secure region.
10. Contact Us
If you have questions or comments about this Privacy Policy, please contact us at:
RocketDNS Inc.Montreal, Quebec, Canada
Email: privacy@rocketdns.io
© 2026 RocketDNS Inc.