What We NEVER Collect
- DNS query logs
- Browsing history
- IP addresses (at the DNS level)
- Precise geolocation data
The ONLY Data We Handle
- Support email correspondence
- Stripe-managed subscription tokens
- Aggregate server health metrics
- Mandatory legal nexus records
SiftDNS Privacy Policy
Last Updated: February 1, 2026
At SiftDNS ("we", "us", "our"), your privacy is our primary product. This policy outlines our US-centric operations and our commitment to data minimization across our infrastructure in Texas, New York, and California.
Infrastructure Disclosure: SiftDNS recursive nodes do not log queries. However, our website utilizes Cloudflare for edge security and Stripe for billing. These third-party processors handle transient identifiers (like IP addresses) per their own security mandates to prevent fraud and DDoS attacks.
1. Zero-Log Architecture
Our core DNS service is designed to process queries in memory without writing to persistent storage. We do not know who you are, what websites you visit, or what your IP address is at the DNS level. Your browsing is your business.
2. Third-Party Data Processing
While SiftDNS collects zero logs, we use trusted partners for essential operations:
- Stripe: Acts as the data controller for billing. SiftDNS never has access to your full credit card or billing address.
- Cloudflare: Provides DDoS protection for our website. Cloudflare may process network identifiers for security telemetry.
- GitHub: Hosts our web content via GitHub Pages. Standard server logs for maintenance are managed by GitHub.
3. Security & Safeguards (NY SHIELD Act)
As we maintain infrastructure in New York and California, we adhere to the "Reasonable Safeguards" required by the NY SHIELD Act. Our technical safeguards are tuned for a zero-trust production environment:
- Multi-Factor Infrastructure Access: Access to our hosting control plane (DigitalOcean) is secured via TOTP-based Multi-Factor Authentication.
- Phishing-Resistant MFA: Administrative access to GitHub, Stripe, and Cloudflare is enforced via native FIDO2/WebAuthn security keys.
- Passphrase-Protected RSA Keys: Direct OS-level SSH access to SiftDNS nodes is restricted to RSA key-based authentication with mandatory high-entropy passphrases, satisfying multi-factor requirements (Possession + Knowledge).
- Data Minimization by Design: Our most robust safeguard is the absolute exclusion of private data logging, which eliminates the risk of data exposure at its source.
4. State-Specific Rights (CCPA, TDPSA)
We provide a high bar for privacy that meets or exceeds the requirements of the California Consumer Privacy Act (CCPA) and the Texas Data Privacy and Security Act (TDPSA).
- GPC Recognition: Our website technically honors and visually confirms **Global Privacy Control (GPC)** signals.
- No Geolocation Tracking: We do not collect or share "Precise Geolocation" data as defined by the TDPSA.
- No Sale of Data: SiftDNS does not sell or share personal data for monetary or other valuable consideration.
5. Legal Inquiries
While we comply with valid legal orders, we do not store DNS logs or personally identifiable subscriber information. We cannot provide historical browsing data because that data is never created or stored.
6. Contact & Domicile
SiftDNS is a sole proprietorship based in Georgetown, Texas. For any privacy inquiries, please reach out directly.
Email: [email protected]