No. Logging is 100% opt-in. If you don't enable it, nothing is stored — not temporarily, not silently, not at all. When it's on, you choose what gets logged, how long it's kept, and where it's stored.
Yes. You can choose where your logs are stored, including privacy-forward regions like Canada or the EU. This helps you meet compliance requirements like GDPR, HIPAA, and internal data residency policies.
Yes. Control D supports real-time log streaming to SIEMs like Splunk, ELK, and others via syslog or webhook. You get structured, JSON-formatted logs — no extra parsing required.
Minimal. Logging happens server-side and doesn't slow down end-user queries. Your network won't notice — but your security team will.
Yes. You can enable logging per network, user group, device, or policy. Log everything or just high-risk segments — your call.
Yes. Logs include device, user, and network context so you know who made the query, not just what they queried.
When enabled, we log DNS queries (domain names), timestamps, device/user IDs, network metadata, and action taken (allowed/blocked). No content, payloads, or personal info outside of what's needed for attribution.
Yes. You control logging, retention, jurisdiction, and data flow. Control D is built with zero trust principles and supports strict policy enforcement. You'll stay on the right side of legal and internal audit.
Of course. Logging can be toggled off instantly. Data stops flowing, and you can purge existing logs on demand.