Security Policy ​
Effective Date: 20th January 2025
At UK DNS Privacy Project, we take the security of our services and users seriously. This Security Policy outlines the measures we take to ensure the safety and integrity of our DNS services.
Infrastructure Security ​
Data Centers: Our servers are hosted in secure, UK-based data centres with robust physical and network security controls.
Redundancy: We employ geo-redundant infrastructure to minimize downtime and ensure consistent availability.
Access Control: Access to our servers is restricted to authorized personnel only, with strict authentication mechanisms in place.
Encryption ​
DNS-over-TLS (DoT): All DNS queries using DoT are encrypted to protect them from eavesdropping and tampering.
DNS-over-HTTPS (DoH): DNS queries over DoH are secured using HTTPS protocols to ensure end-to-end encryption.
TLS Protocols: We use up-to-date TLS configurations and industry-recommended cipher suites to secure communications.
No Logging ​
As stated in our Privacy Policy, we do not log or store DNS queries or user data. This minimizes the risk of data breaches and unauthorized access to sensitive information.
System Monitoring ​
We continuously monitor our systems for unusual activity, potential threats, and unauthorized access attempts.
Automated alerts are in place to respond quickly to potential security incidents.
Incident Response ​
In the event of a security incident, we have a robust incident response plan to:
- Identify and contain the issue promptly.
- Mitigate potential risks and vulnerabilities.
- Notify users if their use of the service is impacted.
User Responsibility ​
While we strive to provide a secure service, users are encouraged to:
Use secure configurations when setting up DNS-over-TLS or DNS-over-HTTPS.
Keep their devices and networks updated with the latest security patches.
Vulnerability Disclosure ​
We welcome security researchers to report vulnerabilities responsibly. If you discover a security issue in our service, please contact us immediately at security@dnsprivacy.org.uk. We pledge to:
- Acknowledge your report promptly.
- Investigate and address the issue with urgency.
- Credit researchers who responsibly disclose vulnerabilities (with their permission).
Continuous Improvement ​
We regularly review and update our security measures to adapt to emerging threats and maintain the highest standards of protection.
Contact Us ​
For any questions or concerns about this Security Policy, or to report a vulnerability, please reach out to:
Email: security@dnsprivacy.org.uk