Legal

Privacy Policy

Last updated: March 2, 2026  ·  Effective upon account creation or continued use

Contents
Section 01

Introduction

PrismNS ("we," "us," or "our") operates the PrismNS managed DNS platform, including our website, APIs, TCP agent infrastructure, and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Service.

By using PrismNS, you agree to the collection and use of information as described in this policy. If you do not agree with any part of this policy, please discontinue use of the Service.

This policy applies to all users of the Service, including individuals, developers, and organizations that deploy PrismNS TCP agents on their infrastructure. Please read it carefully alongside our Terms of Service.

Section 02

Information We Collect

We collect the following categories of information:

Account Information

  • Email address and username provided during registration
  • Password (stored as a salted cryptographic hash — we never store your plaintext password)
  • Account preferences and settings
  • API tokens and automation credentials you generate

DNS & Zone Data

  • DNS zone names and configurations you create or manage
  • DNS record types, values, and TTL settings (A, AAAA, CNAME, MX, TXT, etc.)
  • Zone ownership associations and delegation settings

Host & Agent Metadata

  • Hostnames registered by TCP agents deployed on your infrastructure
  • IP addresses (IPv4 and IPv6) reported by your agents
  • Heartbeat timestamps and connectivity status
  • Agent version and registration metadata transmitted during the TCP handshake
  • Per-host DNS zone assignments and record history

Usage & Technical Logs

  • API request logs (endpoint, timestamp, response status) — retained for 90 days
  • TCP connection events (connection time, disconnection, registration events)
  • Error logs and diagnostic data used to maintain service reliability
  • Browser information and IP address when you access the web dashboard

Billing Information

  • Subscription plan and billing history
  • Payment method details are processed and stored by our payment processor (Stripe) — we do not store full card numbers on our servers
  • Invoice records required for accounting and legal compliance

Cookies & Session Data

  • Session tokens set upon login, used to authenticate your requests
  • Preferences stored in browser local storage (e.g., theme, dashboard layout)
Section 03

How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provision DNS records, manage zones, authenticate requests, and operate the TCP agent registration infrastructure
  • DNS Automation: To process heartbeat signals from your agents and update DNS records accordingly when your hosts' IP addresses change or connectivity is lost
  • Billing & Payments: To process subscription payments, issue invoices, handle upgrades/downgrades, and manage refunds
  • Security & Fraud Prevention: To detect and respond to unauthorized access, abuse, or violations of our Terms of Service
  • Service Improvement: To analyze usage patterns (in aggregate, non-personally-identifiable form) to improve reliability, performance, and features
  • Communications: To send transactional emails (password resets, billing receipts, service alerts) and, where you have opted in, product updates and announcements
  • Legal Compliance: To meet our legal obligations, respond to lawful requests, and enforce our Terms of Service

We do not use your data for advertising, behavioral profiling, or sale to third parties.

Section 04

Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

  • Stripe (Payment Processing): When you subscribe to a paid plan, billing details are processed by Stripe, Inc. Stripe's use of your payment information is governed by Stripe's Privacy Policy. We receive only tokenized references to your payment method.
  • Amazon Web Services (Infrastructure): Our servers and databases run on AWS infrastructure. Data stored at rest resides within AWS data centers. AWS operates under strict data protection agreements with us.
  • Legal Disclosures: We may disclose your information if required to do so by law, subpoena, court order, or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service before your data becomes subject to a different privacy policy.
We never sell your personal data to third parties. We never use your DNS record data or host metadata for any purpose other than providing the Service to you.
Section 05

Data Retention

  • Active Accounts: Account data, DNS zones, and host records are retained for the lifetime of your account.
  • Account Deletion: When you delete your account, we will remove your personal data, DNS records, and host metadata within 30 days. Anonymized or aggregated data not linked to your identity may be retained longer.
  • API & Access Logs: Request logs are retained for 90 days for security and debugging purposes, then automatically purged.
  • Billing Records: Invoice and transaction records may be retained for up to 7 years to comply with financial and tax regulations, even after account deletion.
  • Legal Hold: If your account is subject to an active legal investigation or dispute, we may retain relevant data beyond normal retention periods as required by law.
Section 06

Security

We implement technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction:

  • Encryption in Transit: All communication between your browser, TCP agents, and our servers uses TLS (Transport Layer Security). API tokens and session credentials are transmitted only over encrypted connections.
  • Encryption at Rest: Database volumes containing personal data and DNS records are encrypted at rest using AES-256.
  • Access Controls: Access to production systems is restricted to authorized personnel only, using multi-factor authentication and least-privilege principles.
  • Credential Storage: Passwords are hashed using a strong adaptive algorithm (bcrypt). We never store plaintext passwords or reversibly encrypted passwords.
  • Incident Response: In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of becoming aware of the incident, in accordance with applicable law.
No security system is impenetrable. While we take significant precautions, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.
Section 07

Cookies & Tracking

PrismNS uses a minimal cookie and tracking footprint. We do not run advertising networks or third-party analytics services.

  • Session Cookies: We set a single session cookie upon login. This cookie contains an authentication token used to identify your session. It expires when you log out or after a period of inactivity.
  • Local Storage: Your browser's local storage may hold UI preferences (such as theme or table sort settings). This data never leaves your device.
  • No Third-Party Trackers: We do not load Google Analytics, Facebook Pixel, Hotjar, or any other third-party tracking scripts on our platform.
  • No Advertising Cookies: We do not serve advertisements and do not use advertising cookies or cross-site tracking.

You can delete cookies at any time through your browser settings. Deleting the session cookie will log you out of the Service.

Section 08

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: You may request a copy of the personal data we hold about you. Much of this is already accessible directly through the account dashboard.
  • Correction: You may update your account information (email, username) at any time through the account settings page.
  • Deletion: You may request deletion of your account and associated personal data. Use the account deletion feature in the dashboard, or email us at support@prismns.com.
  • Data Portability: You may request an export of your DNS zone configurations and host records in a machine-readable format (JSON/CSV) by contacting support.
  • Opt-Out of Communications: You may unsubscribe from non-transactional emails at any time using the unsubscribe link in our emails. Transactional emails (billing receipts, security alerts) cannot be disabled while your account is active.
  • Restrict Processing: In certain circumstances, you may request that we restrict processing of your data while a dispute is being resolved.

To exercise any of these rights, contact us at support@prismns.com. We will respond to all requests within 30 days.

Section 09

Children's Privacy

The Service is not directed at children under the age of 18 and we do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@prismns.com and we will take steps to delete that information promptly.

Section 10

International Users

PrismNS is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

European Union & EEA Users: If you are located in the EU or European Economic Area, your personal data is transferred to the US under appropriate safeguards. We rely on Standard Contractual Clauses (SCCs) with our infrastructure providers as a lawful transfer mechanism under the GDPR. You have the right to lodge a complaint with your local supervisory authority if you believe your data has been processed in violation of applicable law.

By using the Service, you consent to the transfer of your information to the United States and its processing there.

Section 11

Changes to Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

  • Send an email notification to the address associated with your account
  • Display a prominent banner in the Service dashboard
  • Update the "Last updated" date at the top of this page

Material changes will take effect 14 days after notification. Your continued use of the Service after that date constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

Section 12

Contact

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please reach out:

  • Email: support@prismns.com
  • Subject line: "Privacy Policy Inquiry" for faster routing
  • Response time: We aim to respond to all privacy-related requests within 5 business days

For data deletion or portability requests, please include your registered email address and a brief description of your request so we can process it efficiently.