1. When You Visit Our Website
2. When You Sign Up
We store the email address associated with your account and the date or registration. When you pay for a premium account, we store the transaction ID of your payment so we can track it down for refund purpose or fraud mitigation.
3. When You Use Our Service
When you use ControlD, we keep the following data associated with your account:
- Timestamp of your last activity in the control panel or apps
- Your source IP address which is required to make ControlD work
3.1 Source IP Storage Justification
Unlike a VPN, ControlD operates at the DNS layer, which means there is no way for you to supply your authentication credentials along with the request. In order for the DNS server to know who you are, so it can apply the correct rules, the only anchor we have is the source IP the request came from. This requirement is mitigated if you're using DNS-over-HTTPS or DNS-over-TLS resolvers. However, your source IP is still needed when communicating with our transparent proxies as it must be known to our firewall so access can be granted.
3.2 Privacy Implications
Even though we store the IP address associated with each account, the threat to user privacy is very limited. Typically, 3rd parties will supply a timestamp + IP address when requesting user data. The IP address will be that of the proxy that was used at the time (if one was using a proxy). At any given moment, there are hundreds or thousands of people that could be sharing the same IP address. Since ControlD does not keep logs of which proxy server IPs were used by which user, nor do we even have access to this data, we have no way to trace any activity to any individual account.
4. When you leave
If for some strange reason you decide not to use our service anymore, you can delete your account at any time in the "My Account" section. All data is immediately and permanently deleted from our database.
5. User Data Requests
Since we store the bare minimum for a customer to actually use our service, any request for user data that supplies an IP + timestamp would yield nothing of value as we do not store any historical logs on who used which IP address, and since IPs are shared by dozens/hundreds of people at any given moment, so we cannot tie any activity to a specific account. Much like any other service, if a valid Canadian subpoena includes the exact email associated with an account, we have no choice but to provide all details associated with the account. This data is limited to what was mentioned above.
6. Changes to Policy
We will do our best to avoid any changes, which includes moving the company to a different jurisdiction if required. If drastic policy changes are needed and we cannot continue providing service under the above mentioned terms, users with valid emails will be notified.