Duck DNS Privacy Statement
(last updated January 28th 2020)
This Privacy Statement applies to the privacy practices of DuckDNS on its website, located at https://www.duckdns.org/, and to the Dynamic DNS service (DDNS Service) offered through our website.
This Privacy Statement is designed to comply with the GDPR (the EU General Data Protection Regulation of 2018) and other applicable privacy laws.
We may update our policies in order to reflect changes to our practices on the collection, storage and use of your personal information. If you want to have the latest information about our personal information handling practices and what information we may collect through this website or when you register for a domain name, we suggest that you check this website frequently for updates to our Privacy Statement. The latest version will always be posted at this website.
1. Information that we collect and why we collect itSigning In. When you visit our website, you can choose to sign in through your Twitter, Reddit, or Google account, by signing in through an existing Persona or GitHub account. Whenever you choose to sign in, you authorize us to collect certain information from that social media account (name, username, email address, profile picture, and any other basic information required or granted by the OAuth process). You may be able to control what information you provide us within the preferences or settings of your social media account. We use this information to personalize your experience on the website and to provide the DDNS Service.
Using the DDNS Service. When you use the DDNS Service, we collect certain information regarding your use of the Website from you, including identifiers such as: the IP address used to sign in, your email address, an access token issued to you for authorization (required by the DDNS Service API), and your target IP address. We use this information to enable the DDNS Service, and this information can be personal information in that it may be possible to identify you either on its own or in connection with other information.
Social Media. We may offer you the opportunity to engage with DuckDNS or its content on or through third-party social media websites, plug-ins, and applications. When you engage with us on or through third-party social media websites, plug-ins and applications, you may allow us to have access to certain information associated with your social media account (for example: name, username, email address or profile picture) to deliver content or as part of the operation of the DuckDNS website, plug-in, or application.
Information we Collect Automatically. We and our third-party service providers, including Google Analytics, process, store and analyze information obtained from your browser when you visit our website, including IP addresses, device identifiers, browser characteristics, operating system details, language preferences, referring URLs, length of visits, and pages viewed.
Your web browser may have settings that allow you to transmit a "Do Not Track" signal when you visit various websites or use online services. Like many websites, this website is not designed to respond to "Do Not Track" signals received from browsers.
2. Sharing of Personal DataExcept as set forth in this Privacy Statement and as required or permitted by law, we do not share your personal information with third parties without your consent.
Service Providers. Any of the your personal information that we collect may be transferred (or otherwise made available) to our affiliates and other third parties who provide website and administrative/operational support services on our behalf. Personal information may be collected by such providers for their own use, in line with their own privacy practices. You may check the privacy statements of each of these providers to decide whether you are comfortable with their policies.
We use third parties, including Google Analytics and Google Drive, to host and manage our website, to provide analytics, to detect and combat fraud or other illegal activities, and to store data. We have reviewed Google’s privacy policies, specifically for each of these services, and we think that their standards are in-line with our own. However, you should read these privacy policies for yourself and/or contact us with any questions that you may have, to decide for yourself.
Our service providers are given the information they need to perform their designated functions, and except for the reasons stated in this Privacy Statement, are not authorized to use or disclose personal information for other purposes.
Your personal information may be maintained and processed by us, our affiliates and other third-party service providers in the US or other jurisdictions. In the event that personal information is transferred outside of the EU or Canada, to the US or other foreign jurisdiction, it may also be subject to the laws of that jurisdiction and may be disclosed to or accessed by courts, law enforcement and governmental authorities in accordance with those laws.
Third Party Websites. The DuckDNS Website may contain links to other websites that are not owned or controlled by us. We have no control over, do not review and are not responsible for the privacy policies of or content displayed on such other websites. When you click on such a link, you will leave our service and go to another website. During this process, another entity may collect personal information from you.
Legal and Compliance. DuckDNS may share personal information with our affiliates, and with companies, organizations or individuals outside of DuckDNS if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary or desirable to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- detect, prevent or otherwise address malicious, deceptive, fraudulent or illegal activity, abuse as well as security or technical issues and incidents.
- protect against harm to the rights, property or safety of DuckDNS, our users or the public as required or permitted by law.
- operate this website, including requesting contributions.
- provisioning and operating the DuckDNS service.
3. Safeguarding Personal InformationWe have implemented reasonable administrative, technical and physical measures in an effort to safeguard the personal information in our custody and control against theft, loss and unauthorized access, use, modification and disclosure. We restrict access to your personal information on a need-to-know basis to employees and authorized service providers who require access to fulfill their service and support requirements.
We maintain logs of user activity on the DDNS System including IP addresses, email, browser, and referrer paths.
4. Our Server & DuckDNS ServicesThis Website is hosted on AWS cloud services, at an Amazon data centre. AWS provides physical security of our systems. Details are available at https://aws.amazon.com/compliance/data-center/data-centers/
Our servers are separated by a VPC, the disks are encrypted at rest. Logs are deleted after 90 days.
The information that might be personally identifiable contained in these logs is: IP, email; browser; and referrer paths.
Our servers are protected by AWS firewalls. They are not directly accessible via the Internet. The DuckDNS service is run over SSL with a valid 256bit signed ssl certificate. Our data is stored in an AWS provided database that is separated and only accessible to servers that are granted a role to access them. Access to the database via the AWS Console is secured through MFA. Data in the database is encrypted at rest.
5. Data Controller, BreachesIf there is a breach of our database or the database of any third party that we use and if you are/were affected, we will make reasonable efforts to notify you. In such case, we will also contact the relevant authorities that we are required to contact under law.
6. Your Rights and Opting OutDuck DNS’ data controller is Duckbill Holdings (Canada) Ltd.
One of your rights under the GDPR and other data protection laws is to opt out of data collection and transfers. Users of DuckDNS can also request the correction/update, copy, or deletion of any of their personal information that we have in our system at any time. To make such a request or exercise a right under relevant data protection laws, including if you wish to opt out of a consent that you may have provided to us in the past, please refer to the instructions contained in the section of this Privacy Statement that is called “Privacy Related Requests & Communications” (below).
Under the CCPA, in addition to the above rights, you have the right to know what categories of information that we have collected about you, the purpose of such collection and categories of third parties with whom we share such data. This information has already been provided you in this Privacy Statement, above.
Since our users’ personal information is what we use to administer accounts and DuckDNS access, you may manually delete your account and the information that we have for you, and this will remove your personal information from our database. For instructions on how to manually delete your account, please refer to our FAQ page (http://www.duckdns.org/faqs.jsp). Once you delete your account, the service or the website may become unavailable to you.
7. Data RetentionWe have personal information retention processes designed to retain personal information for no longer than necessary for the purposes stated above and to otherwise meet legal requirements.
We store the data we collect for about a year after a user and the DNS entry is no longer active. Once a year, we do a data purge. The only exception to this is when we have a legal obligation to keep it longer.
8. Privacy Related Requests & CommunicationsYou may contact us regarding any privacy-related requests, questions, or concerns that you may have regarding this Privacy Statement and how we handle personal information that is collected and processed by us through the DuckDNS website and the dynamic DNS service that we provide by directing your communications to the person who handles our data protection for us.
This may be done in one of two ways. You may email firstname.lastname@example.org or send your message to our PO Box address, to: Duckbill Holdings (Canada) Ltd, PO Box 53046 City Centre, Victoria, British Columbia V8W 3Z2, Canada. If you decide to send your privacy-related request by email and you send the request to a DuckDNS email account other than email@example.com, it may take longer to process your request.
In order to process your request, we will need to verify that you are an account holder. Whether or not we are able to process your request may be determined by the records that we have on file and whether we are able to verify that you are an account holder with us.