← Back to home

Privacy Policy

Effective: March 24, 2026 — Version 2.1

1. Who We Are

ArmorDNS is a DNS filtering service designed to provide simple, opinionated protection for families.

For purposes of data protection laws, ArmorDNS acts as the data controller for personal data processed in connection with providing the service. For organizational customers, ArmorDNS may act as a data processor where the organization determines processing purposes under a separate Data Processing Addendum.

In this policy, “personal data” means information that identifies or can reasonably be linked to an identifiable individual.

Contact: privacy@armordns.com

2. Information We Collect

ArmorDNS is designed with a data minimization approach. We collect only the minimum information required to operate DNS filtering and account services.

Account Information

  • Email address
  • Hashed password
  • Subscription status
  • Billing identifiers (processed by Stripe)

We do not store or process full payment card numbers.

Device Information

  • Device name (user provided)
  • Device type (e.g., iOS, Android, Router)
  • A device-specific DNS authentication token used to associate DNS queries with a specific device for filtering enforcement. This token is not used for tracking or advertising.

DNS Query Logs

For dashboard visibility and filtering enforcement, we temporarily process:

  • Domain requested
  • Query type (A, AAAA, etc.)
  • Timestamp
  • Block/allow decision

DNS query logs are automatically deleted within 24 hours.

Aggregated Statistics

ArmorDNS generates aggregated statistics (such as total blocked and allowed domain counts) which do not contain individual DNS query records and are retained for the duration of your account.

What We Do Not Collect

  • We do not inspect web content.
  • We do not profile users.
  • We do not use advertising trackers.
  • We do not sell personal data.
  • We do not store your IP address in query logs or long-term application storage.

DNS requests inherently include the requesting device's IP address during network transmission. Our infrastructure providers may process IP addresses transiently for network routing, security monitoring, and abuse prevention.

3. Legal Basis for Processing

Where applicable, we process personal data under the following lawful bases:

  • Performance of a contract — to provide DNS filtering and account services.
  • Legitimate interests — to secure, monitor, and improve service integrity.
  • Legal obligation — to comply with applicable laws.
  • Consent — where explicitly required.

4. Data Retention

Data TypePurposeRetention
Account emailAccount managementUntil account deletion
DNS query logsDashboard visibility24 hours
Audit/security logsAbuse prevention90 days
Billing metadataSubscription managementPer Stripe retention policy

When you delete your account, associated personal data is removed except where retention is required by law. Deleted data may persist in encrypted backups for up to 30 days before being automatically overwritten.

5. Subprocessors

We use carefully selected service providers to operate ArmorDNS:

  • Stripe — Payment processing (billing metadata, subscription status)
  • DigitalOcean — Application hosting (all application data)
  • Resend — Transactional email delivery (email address, message content)
  • Cloudflare — Upstream DNS resolution and bot protection via Turnstile (IP address, browser signals)
  • Google — OAuth authentication, if enabled by user (email address, name)

Each subprocessor processes data under contractual confidentiality and security obligations.

A Data Processing Addendum (DPA) is available upon request for organizational customers. Contact privacy@armordns.com.

6. International Data Transfers

ArmorDNS is operated in the United States. If you access the service from outside the U.S., your data may be processed in the United States or other jurisdictions where our infrastructure providers operate.

Where required by applicable data protection laws, we rely on Standard Contractual Clauses and the EU-U.S. Data Privacy Framework (for certified subprocessors) to ensure adequate safeguards for international transfers.

7. Your Rights

Subject to applicable law, you have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Request deletion
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent where processing relies on consent
  • Lodge a complaint with a supervisory authority

To exercise rights, contact: privacy@armordns.com

We respond within 30 days where legally required.

Colorado residents may have additional rights under the Colorado Privacy Act (CPA).

8. Security Measures

We implement reasonable technical and organizational safeguards including:

  • Encrypted DNS transport (DoT/DoH)
  • HTTPS encryption
  • Password hashing
  • Access controls
  • Database encryption at rest

See our Security & Trust page for details.

9. Data Breach Notification

In the event of a breach affecting personal data, we will notify affected users within 30 days of determination that a breach has occurred, consistent with Colorado law (CRS § 6-1-716) and in accordance with other applicable legal requirements.

Notification will include the nature of the breach, the types of information involved, steps ArmorDNS is taking in response, and recommendations for protecting yourself.

10. Children's Privacy

Accounts must be created by individuals 18 years or older. Devices used by minors may be configured by a parent or guardian.

We do not knowingly collect personal data directly from children under 13. ArmorDNS does not create profiles of individual minors, does not associate DNS queries with the identity of a specific child, and processes minor-generated query data solely to provide filtering services to the account holder. The account holder is responsible for providing appropriate notice and obtaining any required consent within their household.

11. Cookies & Local Storage

We use a session cookie for authentication. We do not use tracking cookies or third-party advertising cookies. No analytics or advertising scripts are loaded on any ArmorDNS page.

12. Do Not Track

ArmorDNS does not track users across third-party websites and does not respond to Do Not Track browser signals because we do not engage in cross-site tracking.

13. Changes to This Policy

Material changes will be communicated via email or dashboard notification prior to taking effect.

14. Contact

For privacy inquiries, data requests, or security reporting:

ArmorDNS, LLC — Colorado, United States

15. Third-Party Data Sources & Attribution

ArmorDNS uses community-maintained blocklists to filter harmful content. These lists are open-source and used under their respective licenses. We do not sell, share, or redistribute the lists themselves — we use them solely to determine whether a DNS query should be blocked.

Key sources include AdAway (CC BY 3.0), Steven Black's Hosts (MIT), HaGeZi (GPL-3.0 + CC BY-SA 4.0), OISD (various), and the Blocklist Project (MIT). A complete list with links and license details is available on our Security & Trust page.

In compliance with CC BY 3.0 licensing: portions of our filtering data are derived from the AdAway default blocklist (adaway.org), used under the Creative Commons Attribution 3.0 Unported License.

Version 2.1 — March 24, 2026