Duck DNS Privacy Statement
(last updated December 1st 2018)
This Privacy Statement applies to the privacy practices of DuckDNS on its website located at https://www.duckdns.org/, and to the Dynamic DNS service (DDNS Service) offered through our website.
This Privacy Statement is designed to comply with the GDPR (the EU General Data Protection Regulation of 2018) and other applicable privacy laws.
We may update our policies in order to reflect changes to our practices on the collection, storage and use of personal information.
If you want to have the latest information about our personal information handling practices, which we may collect through this website or when you register for a domain name, we suggest that you check this website frequently for updates to our Privacy Statement.
The latest version will always be posted at this website.
1. Information that we collect and why we collect itSigning In. When you visit our website, you can choose to sign in through your Twitter, Facebook, Reddit, or Google account. If you choose to sign in, you authorize us to collect certain information from that social media account (name, username, email address, profile picture, and any other basic information required or granted by the OAuth process). You may be able to control what information you provide us within the preferences or settings of your social media account. We may use this information to personalize your experience on the website and to provide the DDNS Service.
Using the DDNS Service. When you use the DDNS Service, we collect certain information from you including: the IP address used to sign in, your email address, an access token issued to you for authorization (required by the DDNS Service API), and your target IP address. We use this information to enable the DDNS Service, and this information can be personal information in that it may be possible to identify you either on its own or in connection with other information.
Social Media. We may offer you the opportunity to engage with DuckDNS or its content on or through third-party social media websites, plug-ins, and applications. When you engage with us on or through third-party social media websites, plug-ins and applications, you may allow us to have access to certain information associated with your social media account (for example: name, username, email address or profile picture) to deliver content or as part of the operation of the DuckDNS website, plug-in, or application.
Your web browser may have settings that allow you to transmit a "Do Not Track" signal when you visit various websites or use online services. Like many websites, this website is not designed to respond to "Do Not Track" signals received from browsers.
2. Sharing of Personal DataExcept as set forth in this Privacy Statement and as required or permitted by law, we do not share your personal information with third parties without your consent.
Service Providers. Your personal information may be transferred (or otherwise made available) to our affiliates and other third parties who provide services on our behalf. Personal information may be collected by such providers for their own use, in line with their own privacy practices. You may check the privacy statements of each of these providers to decide whether you are comfortable with their policies.
We use third parties, including Google Analytics and Google Drive, to host and manage our website, to provide analytics, to detect and combat fraud or other illegal activities, and to store data. We have reviewed Google’s privacy policies, specifically for each of these services, and we think that their standards are in-line with our own. However, you should read these privacy policies for yourself and/or contact us with any questions that you may have, to decide for yourself.
Our service providers are given the information they need to perform their designated functions, and except for the reasons stated in this Privacy Statement, are not authorized to use or disclose personal information for other purposes.
Your personal information may be maintained and processed by us, our affiliates and other third-party service providers in the US or other jurisdictions. In the event that personal information is transferred outside of the EU or Canada, to the US or other foreign jurisdiction, it may also be subject to the laws of that jurisdiction and may be disclosed to or accessed by courts, law enforcement and governmental authorities in accordance with those laws.
Third Party Websites. The DuckDNS Website may contain links to other websites that are not owned or controlled by us. We have no control over, do not review and are not responsible for the privacy policies of or content displayed on such other websites. When you click on such a link, you will leave our service and go to another website. During this process, another entity may collect personal information from you.
Legal and Compliance. DuckDNS may share personal information with our affiliates, and with companies, organizations or individuals outside of DuckDNS if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary or desirable to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- detect, prevent, or otherwise address abuse, security or technical issues.
- protect against harm to the rights, property or safety of DuckDNS, our users or the public as required or permitted by law.
- operate this website, including requesting contributions.
- provisioning and operating the DuckDNS service.
3. Safeguarding Personal InformationWe have implemented reasonable administrative, technical and physical measures in an effort to safeguard the personal information in our custody and control against theft, loss and unauthorized access, use, modification and disclosure. We restrict access to your personal information on a need-to-know basis to employees and authorized service providers who require access to fulfill their job requirements.
We maintain logs of user activity on the DDNS System including IP addresses, email, browser, and referrer paths.
4. Our Server & DuckDNS ServicesThis Website is hosted on AWS cloud services, at an Amazon data centre. AWS provides physical security of our systems.
Details are available at https://aws.amazon.com/compliance/data-center/data-centers/
Our servers are separated by a VPC, the disks are encrypted at rest. Logs are deleted after 90 days.
The information that might be personally identifiable contained in these logs is: IP, email; browser; and referrer paths.
Our servers are protected by AWS firewalls. They are not directly accessible via the Internet.
The DuckDNS service is run over SSL with a valid 256bit signed ssl certificate.
Our data is stored in an AWS provided database that is separated and only accessible to servers that are granted a role to access them.
Access to the database via the AWS Console is secured through MFA. Data in the database is encrypted at rest.
5. Data Controller, Breaches & Privacy Concerns/RequestsDuck DNS’ data controller is Duckbill Holdings (Canada) Ltd.
If there is a breach of our database or the database of any third party that we use, we will make reasonable efforts to notify you if you are affected as well as the relevant authorities that we are required to contact under law.
Users of DuckDNS can request a copy of any of their personal information that we have in our system by sending an email to the person who handles our data protection at firstname.lastname@example.org. Users can also delete their DuckDNS account at any time through the "Account" page.
Any privacy-related issues or concerns about DuckDNS, the website or the DDNS Service , including data correction (updates to your personal information) or other data subject access requests, can also be directed to email@example.com or to the following address: PO Box 53046 City Centre, Victoria, British Columbia V8W 3Z2.
6. Data RetentionWe have personal information retention processes designed to retain personal information for no longer than necessary for the purposes stated above and to otherwise meet legal requirements.
We store the data we collect for about a year after a user and the DNS entry is no longer active. Once a year, we do a data purge. The only exception to this is when we have a legal obligation to keep it longer.
7. Opting OutOne of your rights under the GDPR and similar laws is to opt out of data collection.
You can do so at any time, but that means that the service or the website may become unavailable to you.
If you opted in and later want to change your mind, please write us at firstname.lastname@example.org.