Privacy Policy

1. Introduction

Lumique LLC, operating as EdgeDNS (“we,” “us,” or “our”), operates the EdgeDNS domain monitoring and intelligence API platform at edgedns.dev. This Privacy Policy describes how we collect, use, and protect your information when you use our services.

We are committed to privacy by design. Your domain monitoring data is private to your organization and is never shared with other customers, sold to third parties, or exposed to passive DNS databases.

2. Information We Collect

We collect the following categories of personal data:

• Identifiers — name, email address, API key identifiers
• Account credentials — authentication data managed by Clerk
• Usage data — API request logs (timestamps, endpoints, response codes)
• Domain data — DNS records, SSL certificates, WHOIS data, health scores for subscribed domains
• Financial data — payment processing handled by Stripe (we do not store card details)
• Analytics data — anonymized page views and site usage via Google Analytics

Details on each category:

2.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials. Account management is handled by Clerk, our authentication provider.

2.2 API Usage Data

We log API requests for rate limiting, billing, and abuse prevention. This includes request timestamps, endpoints called, response codes, and your API key identifier. We do not log the full content of API responses.

2.3 Domain Monitoring Data

When you subscribe domains for monitoring, we collect DNS records, SSL certificate details, WHOIS registration data, ping/uptime results, and computed health scores for your subscribed domains. This data is stored exclusively for your organization and is never shared with other customers or third parties.

2.4 Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers or payment method details on our servers. Stripe's privacy policy governs how your payment information is handled.

2.5 Analytics Data

We use Google Analytics to understand how visitors use our website. This collects anonymized usage data including pages visited, time on site, and referral sources. You can opt out of analytics tracking via our cookie consent preferences.

3. How We Use Your Information

• To provide, maintain, and improve our API services
• To process your transactions and manage your account
• To monitor your subscribed domains and deliver alerts
• To enforce rate limits and prevent abuse
• To send service-related communications (outage notices, billing updates)
• To respond to support requests
• To analyze website usage and improve user experience

We do not use your domain monitoring data for any purpose other than providing the monitoring service to you. We do not sell, rent, or share your data with third parties for their marketing purposes.

4. Data Retention

We retain your data only as long as necessary to provide our services:

• API request logs: 90 days, then automatically deleted
• Domain monitoring data: Retained while your subscription is active. Deleted within 30 days of subscription cancellation.
• Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Billing records: Retained for 7 years as required by tax law.

5. Data Security

We implement industry-standard security measures to protect your data:

• All data transmitted via TLS 1.3 encryption
• API keys are hashed and never stored in plaintext
• Infrastructure runs on Cloudflare's global edge network with DDoS protection
• Domain monitoring data is isolated per organization
• Regular security reviews and access controls

6. Third-Party Services

We use the following third-party services to operate EdgeDNS:

• Cloudflare: Infrastructure, CDN, and edge computing (Privacy Policy)
• Clerk: Authentication and user management (Privacy Policy)
• Stripe: Payment processing (Privacy Policy)
• Google Analytics: Website analytics (with cookie consent) (Privacy Policy)

Each provider processes data according to their own privacy policy. We only share the minimum data necessary for each service to function.

7. Cookies

We use cookies and similar technologies for the following purposes:

• Essential cookies: Required for authentication and session management (provided by Clerk). These cannot be disabled.
• Analytics cookies: Used by Google Analytics to understand website usage. You can manage these through our cookie consent banner.

We do not use advertising or tracking cookies. You can control cookie preferences through your browser settings or our cookie consent controls. You may withdraw your consent at any time using the “Cookie Settings” link in our website footer.

When analytics cookies are declined, Google Analytics may still receive anonymized, cookieless signals (no personal data or identifiers) to support aggregate traffic estimation. No cookies are stored and no individual user can be identified from these signals.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate data
• Deletion: Request deletion of your personal data
• Portability: Request your data in a machine-readable format
• Objection: Object to processing of your data for specific purposes
• Restriction: Request restriction of processing in certain circumstances
• Withdraw consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing
• Complaint: Lodge a complaint with your local data protection supervisory authority (see Section 14)

To exercise any of these rights, contact us at privacy@edgedns.dev. We will respond within 30 days.

9. GDPR Compliance

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

• Contract performance: Processing necessary to provide our API services (account data, domain monitoring, API usage)
• Legitimate interest: Security monitoring, fraud prevention, and service improvement
• Consent: Analytics cookies and marketing communications (where applicable)
• Legal obligation: Retention of billing records as required by tax law (Section 4)

10. Automated Decision-Making

EdgeDNS does not use automated decision-making or profiling that produces legal effects or similarly significantly affects you, as defined under GDPR Article 22. Our scoring algorithms (security, compliance, performance) analyze publicly available website data and do not process your personal data for automated individual decisions.

11. CCPA / CPRA Compliance

For California residents: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. You have the right to know what data we collect, request deletion, and opt out of any future sales (though we do not engage in sales of personal data).

12. Children's Privacy

EdgeDNS is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@edgedns.dev.

13. International Data Transfers

EdgeDNS processes data on Cloudflare's global edge network, which means your API requests are processed at the nearest point of presence to you. Account data and monitoring results may be stored in the United States.

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. Our third-party processors (Cloudflare, Clerk, Stripe) maintain their own data transfer mechanisms including SCCs and, where applicable, Data Privacy Framework certifications.

14. Data Controller & DPO

The data controller for the personal data processed through our services is:

Lumique LLC, operating as EdgeDNS
418 Broadway Ste N, Albany, NY 12207, United States
Data Protection Officer: Lumique LLC Privacy Team
Email: privacy@edgedns.dev

We will respond to data protection requests within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. For example:

• Germany: BfDI (Bundesbeauftragter für den Datenschutz)
• UK: ICO (Information Commissioner's Office)
• France: CNIL (Commission Nationale de l'Informatique et des Libertés)

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email. Continued use of our services after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: privacy@edgedns.dev