Privacy Policy

We collect the minimum we need to run DNS.pizza: your email, the domains you ask us to watch, and some usage data. We don’t sell your data. We share it only with the service providers we need to run the product. You can export or delete your data any time.

This policy covers anyone using the site at https://dns.pizza — visitors, signed-in users, and paying subscribers. By using the service you consent to the data practices described here.

Information you give us directly:

• Email address (for your account and alerts).
• Name and avatar (if provided via Google / GitHub sign-in).
• Password (stored as a salted bcrypt hash — we can’t read your password).
• Domains you choose to monitor or look up, and any notification channel configuration (webhook URLs, Slack/Discord incoming-webhook URLs, extra email addresses). Webhook signing secrets are encrypted at rest with AES-256-GCM.
• Payment information — actually handled by Stripe, we only see a customer ID and subscription status.

Information we collect automatically:

• Lookup history: domains you queried, timestamps, results. Used to give you history and (for Pro users) exports.
• DNS snapshots: the DNS records of domains you monitor, kept so we can detect changes. Not personal data, but it’s your data.
• Basic request logs (IP address, user agent, timing) for rate limiting, security, and debugging. Retained for up to 30 days.
• Cookies: only the session cookie needed to keep you signed in. No third-party advertising cookies.

Information from third parties:

• If you sign in with Google / GitHub, we receive your email, name, and avatar from them.
• When you look up an IP, we enrich it with ASN and country data from IPinfo.
• When you look up a domain, we query public registries (RDAP / WHOIS) and public DNS. Those systems may log the query server-side; they’re outside our control.

• To operate the service (run lookups, monitor domains, deliver alerts).
• To bill paid plans.
• To prevent abuse and enforce rate limits.
• To diagnose errors and improve reliability.
• To communicate with you about account, billing, and service changes.

We do not use your data to train AI models. We do not run advertising networks. We do not profile or track you across the web.

To run DNS.pizza, we hand some data to the companies below. Each of them has their own privacy policy. We only share what’s necessary for them to do their job.

We may also query public DNS resolvers (Google 8.8.8.8, Cloudflare 1.1.1.1, Quad9), the Internet Archive’s Wayback Machine, crt.sh for certificate transparency, and public RDAP servers. These queries contain the domain you’re looking up; they don’t contain your account information.

• Account data: until you delete your account.
• Monitored domains and DNS snapshots: until you remove the domain; we keep up to 90 days of snapshot history on Pro, 7 days on Free.
• Alert delivery records: 90 days, then deleted.
• Request logs: up to 30 days.
• Billing records: retained as long as required by law (typically 7 years) via Stripe.
• Closed accounts: personal data deleted within 30 days, except where we must retain it (e.g. billing records above).

You can access, export, correct, or delete your data any time. Just email us or do it from the dashboard.

You have the right to:

• Access — get a copy of the personal data we hold about you.
• Correct — fix anything inaccurate.
• Delete — close your account or remove specific data.
• Export — download your monitored domains and history as JSON.
• Opt out of alerts — toggle email in settings or use the unsubscribe link in any alert email.
• Complain — if you believe we’ve mishandled your data, you can complain to your local data-protection authority. We’d rather you email us first so we can try to fix it.

To exercise any of these rights, email hello@dns.pizza. We’ll respond within 30 days.

We encrypt data in transit with TLS everywhere. Passwords are stored with bcrypt. Webhook signing secrets are encrypted at rest with AES-256-GCM using a key that lives only on our servers. We use short-lived secrets with automatic rotation where possible.

No system is perfectly secure. If we ever experience a breach that affects your personal data, we’ll notify you without undue delay — within 72 hours where legally required.

DNS.pizza is hosted in the United States. If you use the service from outside the US, your data will be transferred to and processed in the US and other countries where our subprocessors operate. We rely on the legal mechanisms (standard contractual clauses, adequacy decisions) that each subprocessor provides.

DNS.pizza isn’t designed for children. Don’t create an account if you’re under 13, or under the digital consent age in your country (16 in much of Europe). If we learn we’ve collected data from a child, we delete it.

We may update this policy. When we do, we’ll bump the effective date at the top, and for material changes we’ll email account holders at least 14 days before they take effect.

Privacy questions, access requests, or concerns: hello@dns.pizza. We treat privacy requests as a priority and reply within 30 days.