Privacy Policy

Your DNS queries are your business. We built this tool accordingly.

Last updated: March 20, 2026

The Short Version

No tracking cookies. No marketing emails. No third-party data sharing. No account required for core scans. DNS queries are not sold or shared. Period.

No Account Required

Every core DNS analysis works without signing in. You can scan any domain, review results, and export findings without creating an account or providing any personal information.

Optional Google OAuth 2.0 sign-in unlocks personal features like scan history, watchlists, and domain dossiers. If you choose to sign in, we store only your name and email for authentication. We do not store passwords — Google handles the credential exchange.

Cookies

We use exactly two cookies, both functional:

Cookie | Purpose | Type
_csrf | Prevents cross-site request forgery on form submissions | Security
_dns_session | Session management — only exists if you choose to sign in | Functional

No tracking cookies. No analytics cookies. No ad network pixels. No fingerprinting scripts.

IP Addresses

We log your IP address for two purposes:

  • Rate limiting — preventing abuse of the scanning service
  • Security — identifying malicious actors and complying with legal obligations

We also check source geography for analysis accuracy. DNS responses vary by region, and knowing which resolver answered from where makes the science better. This is not behavioral tracking.

DNS Queries

DNS queries submitted through this tool are used to produce your analysis results. They are not sold, shared with third parties, or used for advertising. Domain analyses contain only public DNS records and are integrity-hashed for scientific reproducibility.

Email & Communications

We run a consultancy serving high-profile clients. They hear from us when we answer their questions, send their invoices, or confirm their appointments. That’s it. No newsletters, no promotions, no noise. That same discipline applies here.

  • No marketing email — we don’t send newsletters, promotions, or drip campaigns.
  • No mailing lists — signing in does not subscribe you to anything.
  • Service-critical notices only — if we ever need to contact you (security advisory, breaking change, or account issue), it will be rare, justified, and directly relevant to your use of the tool.
  • Opt-in only — if we add product update notifications in the future, they will require your explicit consent and can be disabled at any time.

No Third-Party Data Sharing

Your information stays here. We don’t feed it to analytics platforms, ad networks, or data brokers. Our code is open-core — the application framework is publicly available under BUSL-1.1 with timed Apache-2.0 conversion. Verify it yourself.

Authentication & Security

  • Google OAuth 2.0 with PKCE — no passwords stored, no credentials to compromise
  • Content Security Policy (CSP) with per-request nonces on all pages
  • CSRF protection on all state-changing operations
  • HTTPS enforced with HSTS and secure headers
  • Rate limiting to prevent abuse

For the full security disclosure, see our Security Policy.

Account Deletion

If you create an account and want out, account deletion removes your login and scan history. Public domain analyses remain available because they contain only public DNS records, already integrity-hashed for scientific reproducibility.

Changes to This Policy

This policy reflects our current practices. If our business model evolves, any changes to communication or data practices will require your explicit opt-in consent. The current version is always available at this URL.