Legal

Privacy Policy

Effective date: 1 June 2025

1. Who We Are

NovaDNS operates the dynamic DNS service available at novadns.io. For the purposes of data protection law, NovaDNS is the data controller responsible for your personal data.

You can reach us at support@novadns.io for any privacy-related enquiries.

2. What Data We Collect

We collect the following categories of personal data:

• Account data — name, email address, and hashed password when you register.
• Billing data — Paddle customer ID and subscription ID. We do not store card numbers or full payment details; these are handled directly by Paddle.
• Host & DNS data — subdomain names, IPv4/IPv6 addresses you send us, TTL settings, and update timestamps.
• Usage data — IP addresses of update requests, timestamps, and HTTP user-agent strings, used for rate limiting and abuse prevention.
• Communication data — any information you provide when contacting support.

We do not collect sensitive personal data (e.g. health information, racial or ethnic origin) and we do not sell your data to third parties.

3. How We Use Your Data

We use your data to:

• Provide and maintain the DNS service, including processing update requests.
• Manage your account, authenticate you, and reset your password.
• Process payments and manage your subscription via Paddle.
• Send transactional emails (password resets, billing receipts).
• Detect and prevent abuse, fraud, and violations of our Terms of Service.
• Comply with legal obligations.

We do not use your data for advertising or sell it to data brokers.

4. Legal Bases for Processing

Where data protection law requires a legal basis, we rely on the following:

• Contract — processing necessary to provide the Service you have signed up for.
• Legitimate interests — security monitoring, abuse prevention, and product improvement, where these do not override your rights.
• Legal obligation — compliance with applicable laws and regulations.
• Consent — where we explicitly ask for it (e.g. optional marketing emails).

5. Data Sharing

We share your data only where necessary:

• Paddle — our payment processor and Merchant of Record. Paddle processes billing information under their own privacy policy.
• Cloud infrastructure — our hosting and database providers process data on our behalf under data processing agreements.
• AWS Route 53 — DNS record updates are written to Amazon Web Services. Subdomain names and IP addresses are transmitted for this purpose.
• Legal requirements — we may disclose data if required by law, court order, or to protect the rights and safety of NovaDNS or others.

We do not transfer your personal data outside your region without appropriate safeguards (e.g. Standard Contractual Clauses).

6. Payments

All payment processing is handled by Paddle, who acts as the Merchant of Record for transactions on novadns.io. NovaDNS does not receive or store your full credit card number, CVV, or bank account details. We only store the Paddle customer ID and subscription ID needed to manage your account status.

For more information on how Paddle processes your payment data, please see Paddle’s Privacy Policy.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

• Account data is kept until you delete your account.
• DNS update logs (IP addresses, timestamps) are retained for up to 90 days for abuse prevention and debugging.
• Billing records may be retained for up to 7 years to comply with financial regulations.

When you delete your account, we will permanently erase your personal data within 30 days, except where retention is required by law.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — request deletion of your data (subject to legal obligations).
• Restriction — ask us to limit how we process your data.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email us at support@novadns.io. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. Cookies

We use a single session cookie (nova_session) to keep you logged in. This cookie is strictly necessary for the Service to function and does not track you across other websites.

We do not use third-party advertising cookies or cross-site tracking. If you use our analytics (Vercel Analytics), aggregate, anonymized page-view data may be collected without using cookies. For full details, see our Cookie Policy.

10. Children’s Privacy

The Service is not directed at children under the age of 13 (or 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you by email. We encourage you to review this page periodically.

12. Contact

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at: support@novadns.io