We, too, are privacy-conscious folks over at Control D HQ, so we know how important it is to be absolutely transparent about our data collection and retention policies. However, we are also pragmatists, and we don’t believe in sugarcoating or lies.
At Control D, we understand that there will always be a level of trust that is required for any service like this to function.
In this article, we’ll go over what we need to store for the service to work, as well as the particulars of browsing data storage should you _choose_ to activate our Analytics feature. We emphasize “choose”, because, at Control D, we empower you to have the choice and the control.
IP Management and Storage
Whether we store your IPs or not depends on what types of Devices you have set up in Control D, what physical gadgets you use them on, and what your privacy criteria are.
Legacy DNS
If you need to use Legacy DNS (sometimes the only option on older physical gadgets), Control D must store your source IP address(es) for the service to work.
Why? Well, due to IP exhaustion we only have a limited number of Legacy DNS resolvers, and when a query hits one of those resolvers, we need to know from which account the query came so we know what rules we should follow when resolving a query, like if you had blocked Facebook and tried to access facebook.com. This limitation does NOT apply to IPv6 resolvers, which are unique to every device.
Secure DNS (DoH, DoT, DoH3, or DoQ)
By contrast, if you are using Secure DNS, the above limitation does not apply since your resolver ID is unique. Simply do not toggle on the Auto Authorize IPs option when creating a Device and we won’t store your IP address(es).
This option is off by default when creating a Device for a physical gadget or browser that we know does not utilize Legacy DNS, like a Device created for use with Google Chrome, Android, iOS, MacOS, or Windows 11 (all of which use Secure resolvers).
Analytics
Naturally, if you choose to select either Some or Full Analytics on a Device, we do need to collect and store a small amount of your browsing data to be able to show you useful facts and figures in your Statistics and Activity Log sections (these two sections together make up “Analytics”).
When turning on Analytics for the first time, you’ll be given the option to select a Storage Region, which at the time of writing can be either North America, Asia, or Europe. The Storage Region is account-wide, and changing Storage Region at any time will give you the option to delete all data at your previous region.
You can always choose to delete your Analytics data for the Storage Region selected on your account by navigating to the Account Preferences section and choosing Clear All Analytics Data.
Granular Data
The most granular data stored by Control D in any circumstance is kept for a maximum of three days. This is only the case when you have selected Full Analytics for the Device in question. In this case, Control D stores the following information about each of the DNS queries made against your Control D Device’s resolvers:
- Domain name
- Date and time of query
- Protocol used
- DNS return code
- Type of record
- Action taken (blocked, bypassed, or redirected)
- Reason for action taken (Filter, Service, Custom Rule, Default Rule)
- Context for reason (which specific Filter, Service, Custom Rule, and if redirected, which location or IP it was redirected via)
- Source IP address
- Destination IP address/es
This data is what makes the Activity Log possible. We never store it unless you choose to select Full Analytics. It is impossible to see your browsing data in the Activity Log unless Full Analytics is selected for the Device being viewed for this exact reason: we respect you and your privacy.
Domain Data
The next category of data we can store with your explicit permission is the less granular data, kept for 1 month, which makes the Statistics: Full Analytics view possible (seen below). The granularity of this data is reduced to hourly, with no query timestamps. It comprises counts of domains resolved, actions taken, and associated metadata - like whether the action taken was due to a Custom Rule, Service, or Filter.
This is what is stored in this case for each DNS query you make against a Control D resolver:
- Domain name
- Date and time of query
- Action taken (blocked, bypassed, or redirected)
- Reason for action taken (Filter, Service, Custom Rule, Default Rule)
- Context for reason (which specific Filter, Service, Custom Rule, and if redirected, which location or IP it was redirected via)
- How many times the action occurred within one hour
Just the Numbers
The third and final category of browsing data that we keep to facilitate your use of the Analytics feature (should you opt into this) is kept for a year, or, of course, until you choose to clear your Analytics data either for that Device or for your chosen Storage Region on the account. This is the same data that is stored in all previous scopes if you have Some Analytics enabled (rather than Full Analytics) for the Device in question.
This is simply a count of the number of queries made, the days on which they were made, and whether they were Blocked, Bypassed, or Redirected. This data makes this view possible (available for Devices with either Some or Full Analytics selected).
Questions? Concerns?
We are always open to feedback at Control D and are proud to be extremely communicative with our user base. If you have any questions or would like us to clarify anything we’ve covered here, we would welcome the opportunity - you can contact us at help@controld.com, on our Discord, or at our Feedback Portal.