Privacy Policy
Privacy Policy
Last updated: January 14, 2026
le_dns is committed to protecting your privacy. This policy explains what personal data we process, how we process it, and your rights under the General Data Protection Regulation (GDPR).
1. Data Controller
Maiko BOSSUYT Entrepreneur Individuel (EI) Commercial name: le_dns SIRET: 83418091100036 Contact: privacy@ledns.eu
2. Data We Process
2.1. Public DNS Resolver Service
When you use our DNS resolver (ledns.fr, ledns.eu, ledns.tech, ledns.cloud), we process:
| Data Type | What We Collect | Retention |
|---|---|---|
| Source IP Address | Truncated (pseudonymized): IPv4: /16 prefix only (e.g., 192.168.x.x → 192.168.0.0) / IPv6: /48 prefix only (first 48 bits) | 7 days (operational logs) / 31 days (aggregated metrics) |
| Query Metadata | Query type (A, AAAA, etc.), timestamp, response code | 7 days |
| User-Agent (DoH only) | HTTP User-Agent header when using DNS-over-HTTPS | 7 days |
| Domain Names (Queried) | NOT LOGGED - We do not log domain names you query | N/A |
2.2. Secondary DNS Hosting Service
When you register for secondary DNS hosting at ledns.eu/zones, we process:
| Data Type | What We Collect | Retention |
|---|---|---|
| Email Address | For account creation and notifications | While account is active |
| Domain Names | Zones you register for hosting | While service is active / 30 days after deletion |
| Primary DNS Server IP | IP address of your primary DNS server for zone transfers | While zone is active |
| TSIG Keys | Authentication keys for secure zone transfers | While zone is active / 30 days after deletion |
| API Keys | Hashed API keys for authentication | Until manually reset |
3. How We Process Your Data
3.1. IP Address Truncation (Pseudonymization)
IP address truncation happens at the edge (Traefik reverse proxy for DoH, dnsdist for DNS/DoT/DoQ) before any logging occurs. Backend services never see your full IP address.
Why “pseudonymization” not “anonymization”? Under GDPR Article 4(5), pseudonymization means data is still considered personal data but with reduced identifiability. A /16 IPv4 prefix can still identify an organization or ISP, so we’re legally accurate by calling it pseudonymization.
3.2. Purpose of Processing
- Operational logs (7 days): Abuse detection, DDoS mitigation, debugging, service improvements
- Aggregated metrics (31 days): Query volume statistics, performance monitoring, capacity planning (no individual tracking)
- Secondary DNS data: Providing zone hosting service, zone transfer authentication
3.3. Legal Basis (GDPR Article 6)
- Public Resolver: Legitimate interest (Article 6(1)(f)) - We have a legitimate interest in operating a secure, abuse-free DNS service. Your rights are not overridden as we minimize data collection and use pseudonymization.
- Secondary DNS: Contract performance (Article 6(1)(b)) - Processing is necessary to provide the service you requested.
4. Data Sharing & Processors
4.1. Infrastructure Providers (Sub-Processors)
We use the following EU-based hosting providers:
- OVHcloud (France)
- Scaleway (France)
- Hetzner (Germany)
All data remains within the European Union. No data is transferred to third countries.
4.2. No Third-Party Sharing
We never sell, rent, or share your data with third parties for marketing purposes. Data is only disclosed when:
- Required by law (court order, legal obligation)
- Necessary to prevent harm (e.g., ongoing DDoS attack)
5. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Operational logs (pseudonymized IP, metadata) | 7 days | Abuse detection, debugging |
| Aggregated metrics (no PII) | 31 days | Performance monitoring |
| Secondary DNS account data | While account active | Service provision |
| Deleted zones (archive) | 30 days | Accidental deletion recovery |
6. Your Rights (GDPR Articles 15-22)
You have the following rights regarding your personal data:
- Right to Access (Art. 15): Request a copy of your data
- Right to Rectification (Art. 16): Correct inaccurate data
- Right to Erasure (Art. 17): Request deletion of your data (“right to be forgotten”)
- Right to Restriction (Art. 18): Limit how we process your data
- Right to Portability (Art. 20): Receive your data in a machine-readable format
- Right to Object (Art. 21): Object to processing based on legitimate interest
How to Exercise Your Rights
Email us at privacy@ledns.eu with your request. We will respond within 30 days (GDPR Article 12(3)).
Note for DNS Resolver users: Due to IP pseudonymization, we cannot identify individual users from DNS query logs. If you want to stop data processing, simply stop using our resolver.
7. Cookies & Tracking
We use NO cookies and NO tracking. This website and our DNS services do not use:
- Analytics cookies (no Google Analytics, no Matomo, no tracking)
- Advertising cookies
- Third-party scripts (no CDNs, no external fonts)
The only cookies used (if any) are strictly necessary session cookies for the Secondary DNS management interface, which expire when you close your browser.
8. Data Security
We implement appropriate security measures (GDPR Article 32):
- Encryption: TLS 1.2+ for all HTTPS/DoH/DoT traffic, DNSSEC for zone integrity
- Access Control: Role-based access, SSH key authentication
- TSIG Authentication: HMAC-SHA256 keys for zone transfers
- Regular Updates: Security patches applied promptly
- Rate Limiting: DDoS protection, abuse mitigation
9. Data Breach Notification
In the event of a data breach affecting your personal data, we will:
- Notify the relevant supervisory authority within 72 hours (GDPR Article 33)
- Notify affected individuals if the breach poses a high risk (GDPR Article 34)
- Contact: security@ledns.eu
10. Children’s Privacy
Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, contact us immediately at privacy@ledns.eu.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. For Secondary DNS customers, we will notify you via email of material changes.
12. Complaints & Supervisory Authority
If you believe we are not processing your data in accordance with GDPR, you have the right to lodge a complaint with your local data protection authority:
- France (CNIL): www.cnil.fr
- EU-wide list: edpb.europa.eu
13. Contact Us
Data Protection Contact: Email: privacy@ledns.eu General support: support@ledns.eu Security issues: security@ledns.eu