We only receive the domain name
When your device needs to visit a website, it first asks a DNS resolver "What's the IP address for this domain?" That's all we receive — just the domain name.
The page path (/watch?v=...), search queries, form data, login credentials,
and all content are sent directly to the website over HTTPS — they never pass through DNS.
What we collect vs. What we don't
We collect only the minimum data required for DNS resolution and security analysis. We have no technical capability to collect anything else.
We receive
- Domain name queried
- Your IP address
- Timestamp
- Query type (A, AAAA, etc.)
We never receive
- URL paths or pages visited
- Search queries
- Cookies or session data
- Form inputs or passwords
- Device fingerprints
- Browser or OS info
No user accounts. KahfDNS has no login, no registration, no email collection. We have no mechanism to link DNS queries to any individual person.
IP addresses are typically shared
The IP address we receive is typically not uniquely yours. ISPs and mobile carriers use NAT and CGNAT to share public IPs among multiple users.
Note: Some users may have static or dedicated IPs (typically businesses or premium plans). Even then, an IP address alone — without name, email, or account data — does not identify an individual. We have no mechanism to determine who is behind any IP address.
Logs are deleted within 48 hours
All DNS query logs are automatically and permanently deleted within 48 hours. We retain logs only long enough to detect attacks and improve blocking accuracy.
| Query Type | Logging | Purpose |
|---|---|---|
| Blocked domains | Full | Track threat blocking effectiveness |
| Malicious patterns | Full | Detect and analyze attacks |
| Errors & slow queries | Full | Debug infrastructure issues |
| Normal traffic | 5% sample | Aggregate traffic patterns only |
After 48 hours, logs are permanently deleted. No archives, no backups, no long-term storage.
GDPR & Your Rights
Under GDPR, "personal data" means information that can identify a specific individual. Since we have no user accounts and IP addresses are typically shared, we have no practical means to identify who you are.
Regardless, we follow privacy-by-design principles:
- Minimal data collection (domain + IP only)
- Automatic 48-hour deletion
- No third-party data sharing
- No data sales, ever
- Transparent practices (this page)
Data Access
No personal data stored — nothing to access
Data Deletion
Automatic 48h deletion — no request needed
Data Portability
No account exists — nothing to export
Opt Out
Stop using the service anytime — no account to close
Real-World Examples
Banking
"They can see my account balance, transactions, and transfer amounts"
mybank.com/accounts/checking?id=8842&action=transfer&amount=500
Just the bank's domain name — nothing about your accounts or activity
mybank.com
YouTube
"They know exactly which videos I watch and my viewing history"
youtube.com/watch?v=dQw4w9WgXcQ&list=PLrAXtmErZgOei
Just that you visited YouTube — not which videos, channels, or searches
youtube.com
Search
"They can see all my search queries, including sensitive health questions"
google.com/search?q=symptoms+of+anxiety+disorder
Just that you used Google — your search terms are invisible to us
google.com
Shopping
"They know what products I'm buying and my payment details"
amazon.com/dp/B09V3KXJPB?th=1&psc=1
Just that you visited Amazon — products, cart, and payment are encrypted
amazon.com
Messaging
"They can read my private conversations and see who I'm talking to"
"Hey, can you pick up milk on the way home?"
Just the app domain — messages are end-to-end encrypted
web.whatsapp.com
"They can read my emails, see subjects, and know my contacts"
Subject: Your order shipped! Body: Track at...
Just that you accessed Gmail — email content is TLS encrypted
mail.google.com
Questions?
We believe in transparency. If anything is unclear, reach out.
support@kahfguard.com