Last updated: 27 February 2026
This Privacy Statement explains what information ellipticZero DNS collects, how it is used, and how it is protected. The service is operated by Elliptic Consulting LLC.
1. Information We Collect
Account information When you create an account we collect your email address and, if you choose email/password authentication, a hashed version of your password. If you sign in via OAuth (Google or GitHub), we receive only the email address and profile name provided by that provider — we never see your password.
DNS records We store the DNS records you create, including hostnames, record types, TTL values, and IP addresses or other record content.
API tokens We store a hashed representation of any API tokens you generate. The plain-text token is shown only once at creation time and is not retained.
Usage and audit logs We log account activity (logins, record changes, API calls) to support security monitoring and troubleshooting. Logs are retained for 90 days.
Technical data When you use the service your browser or client sends standard technical information such as IP addresses and HTTP headers. This data is used solely for operating and securing the service.
2. How We Use Your Information
We use the information we collect to:
- Create and manage your account
- Operate the DNS service and resolve your records
- Send transactional emails (account confirmation, security alerts)
- Investigate abuse or violations of our Terms of Use
- Improve the reliability and performance of the service
We do not use your information for advertising and we do not sell it to third parties.
3. Information Sharing
We do not share your personal information with third parties except:
- Service providers — hosting and infrastructure providers who process data on our behalf and are bound by confidentiality obligations
- Legal requirements — when required by law, court order, or to protect the rights and safety of our users or the public
4. Data Retention
| Data | Retention period |
|---|---|
| Account and DNS records | Until you delete your account |
| Audit logs | 90 days |
| Inactive accounts | Deleted after 12 months of inactivity |
You can delete your account at any time from your account settings. All associated data is permanently deleted within 30 days.
5. Security
We protect your data using industry-standard measures including HTTPS encryption for all connections, hashed password storage, HttpOnly cookies for session tokens, and role-based access controls.
No method of transmission or storage is 100% secure. If you discover a security issue, please contact us at info@ellipticconsulting.com.
6. Cookies
We use a single session cookie to keep you logged in. We do not use tracking, advertising, or analytics cookies.
7. Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate information
- Delete your account and all associated data
- Export your DNS records
To exercise any of these rights, log in to your account settings or contact us at info@ellipticconsulting.com.
8. Changes to This Statement
We may update this Privacy Statement from time to time. If we make material changes we will notify you by email. The date at the top of this page always reflects the most recent revision.
9. Contact
For privacy-related questions or requests, contact us at info@ellipticconsulting.com.