The "Zero-Knowledge" Standard
We operate under a strict Data Minimization principle. Our servers are configured to discard request data immediately after the DNS lookup is resolved.
No IP Logging
Your source IP address is never written to disk or stored in long-term databases.
No History
We do not build profiles of the domains you visit or your browsing habits.
No Fingerprinting
We do not use browser user-agent headers to track specific devices.
No Data Sale
We have zero partners. No data is ever sold, shared, or traded.
Ephemeral Infrastructure
Volatile Memory Only
Our resolvers are designed to run entirely in RAM (Random Access Memory). We use Redis for caching, which is configured as a volatile store.
Result: If a server loses power or is physically seized, all data vanishes instantly. No data can be recovered from the hardware.
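The following Python check is an added example, not this service's own code or configuration. It audits a redis.conf for the two settings that write cached data to disk, including the case where no `save` line is present and Redis's built-in snapshot defaults apply. The function name `audit_redis_persistence` and the sample configs are constructed for illustration.

```python
import shlex

def audit_redis_persistence(conf_text):
    """Return findings for settings that let Redis write cache data to disk.

    An empty list means neither RDB snapshots nor the append-only file is on.
    """
    rdb_on = True      # Redis default: built-in save points apply if no "save" line
    rdb_line = None    # line number of the last "save" directive, if any
    aof_on = False     # Redis default: appendonly no
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive, *args = shlex.split(line)
        directive = directive.lower()
        if directive == "save":
            # save "" clears every save point; any other form adds one
            rdb_on, rdb_line = args != [""], lineno
        elif directive == "appendonly":
            aof_on = [a.lower() for a in args] == ["yes"]
        elif directive == "include":
            # Included files may override anything above; flag for manual review
            findings.append(f"line {lineno}: include {' '.join(args)} not inspected")
    if rdb_on:
        where = f"line {rdb_line}" if rdb_line else "implicit default (no save directive)"
        findings.append(f"RDB snapshots enabled: {where}")
    if aof_on:
        findings.append("AOF enabled: appendonly yes")
    return findings

# Constructed sample configs, not taken from any real deployment.
VOLATILE = 'maxmemory 2gb\nmaxmemory-policy allkeys-lru\nsave ""\nappendonly no\n'
IMPLICIT = 'maxmemory 2gb\nappendonly no\n'          # no save line at all
REENABLED = 'save ""\nsave 60 1000\nappendonly yes\n'  # later line undoes save ""

if __name__ == "__main__":
    for name, conf in [("VOLATILE", VOLATILE), ("IMPLICIT", IMPLICIT),
                       ("REENABLED", REENABLED)]:
        print(name, audit_redis_persistence(conf) or "no on-disk persistence")
```

The running server can differ from the file if settings were changed at runtime, so `CONFIG GET save` and `CONFIG GET appendonly` on the live instance are the authoritative check.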
Transit Encryption
Traditional DNS is sent in plain text. We enforce modern encryption standards (TLS 1.3 and QUIC) for all DoH, DoT, and DoQ connections.
Result: Your ISP or local network admin cannot snoop on your DNS requests or inject ads.
The Single Exception: Security Logs
In the specific event of a DDoS attack against our infrastructure, our firewall (nftables) may temporarily log the offending IP addresses to enforce bans.
These logs are purely mechanical, do not contain DNS query content, and are automatically flushed (deleted) within 24 hours once the threat has subsided.
Jurisdiction
We operate independently and are not subject to mandatory data retention laws.
We will never compromise our encryption keys or install backdoors for state surveillance.