Privacy Policy

Last Updated: January 16, 2026

1. Introduction

This Privacy Policy explains how Hermes DNS ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our Service. We are committed to protecting your privacy and handling your data in an open and transparent manner.

2. Information We Collect

2.1 Information You Provide

When you register for and use our Service, we collect the following information:

  • Account Information: Username, first name, last name, email address, and password (encrypted)
  • Cloudflare API Keys: API keys and email addresses associated with your Cloudflare accounts
  • Domain Information: Domain names, zone IDs, and DNS configuration data
  • DNS Records: DNS record types, names, content, proxy status, and TTL values
  • Firewall Rules: IP addresses, firewall rule configurations, and security settings

2.2 Automatically Collected Information

We automatically collect certain information when you use our Service:

  • Log Data: IP addresses, browser type, operating system, access times, and pages viewed
  • Session Information: Login times, session duration, and authentication tokens
  • Usage Data: API requests, actions performed, and system interactions
  • Error Logs: Error messages, debugging information, and system performance data

2.3 Cloudflare API Data

Through your Cloudflare API keys, we access and process:

  • Zone information and domain settings
  • DNS records and configurations
  • Firewall rules and security settings
  • SSL/TLS certificate information
  • Analytics and usage statistics from Cloudflare

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide, maintain, and improve our automation services
  • Authentication: To verify your identity and manage your account access
  • Cloudflare Integration: To interact with Cloudflare's API on your behalf for domain management
  • DNS Management: To perform DNS record updates, additions, and deletions as requested
  • Firewall Management: To configure and manage firewall rules for your domains
  • Communication: To send you service-related notifications and updates
  • Security: To detect, prevent, and address security issues and fraudulent activity
  • Analytics: To analyze usage patterns and improve Service functionality
  • Compliance: To comply with legal obligations and enforce our Terms of Service

4. Data Storage and Security

4.1 Storage Location

Your data is stored in our secure database servers. We implement appropriate technical and organizational measures to protect your information.

4.2 Security Measures

We implement industry-standard security measures including:

  • Encryption: Passwords are encrypted using bcrypt hashing
  • Secure Connections: HTTPS/SSL encryption for data transmission
  • Access Controls: Role-based access control (admin and user roles)
  • Session Management: Secure session handling with timeout mechanisms
  • API Security: Secure storage and transmission of API keys
  • Database Security: Protected database access with authentication

4.3 Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. You may request deletion of your account and associated data at any time.

5. Data Sharing and Disclosure

5.1 Cloudflare

We share your API keys and domain information with Cloudflare to perform the services you request. This sharing is governed by Cloudflare's Privacy Policy and Terms of Service.

5.2 Third-Party Service Providers

We do not share your personal information with third-party service providers except as necessary to provide our Service or as required by law.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders or government agencies).

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

6. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: You can access and review your personal information through your account settings
  • Correction: You can update and correct your information at any time
  • Deletion: You can request deletion of your account and associated data
  • Export: You can request a copy of your data in a portable format
  • Opt-Out: You can opt out of non-essential communications
  • API Key Management: You can add, update, or remove Cloudflare API keys at any time

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to maintain your session and improve your experience:

  • Session Cookies: Essential for authentication and maintaining your login state
  • Preference Cookies: To remember your settings and preferences
  • Security Cookies: To enhance security and prevent fraudulent activity

You can control cookies through your browser settings, but disabling cookies may limit your ability to use certain features of the Service.

8. Data Deletion and Account Termination

When you delete your account or when an administrator deletes your account:

  • Your user account and login credentials are permanently deleted
  • All associated API keys are removed from our database
  • All domains managed under your account are deleted
  • All DNS records associated with your domains are removed
  • All firewall rules are deleted
  • All session data is cleared
Important: Deleting your account in our system does not automatically delete your domains or DNS records from Cloudflare. You must manage your Cloudflare account separately.

9. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.

10. International Data Transfers

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using our Service, you consent to this transfer.

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you via email within 72 hours of becoming aware of the breach, as required by applicable law. The notification will include:

  • The nature of the breach
  • The types of information affected
  • Steps we are taking to address the breach
  • Recommended actions you should take

12. Third-Party Links

Our Service may contain links to third-party websites or services (such as Cloudflare). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Updating the "Last Updated" date at the top of this policy
  • Sending an email notification for material changes
  • Displaying a prominent notice in the application

Your continued use of the Service after such modifications constitutes your acknowledgment and acceptance of the updated Privacy Policy.

14. Your Consent

By using our Service, you consent to the collection, use, and sharing of your information as described in this Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through the support channels provided in the application.

16. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: We process your data based on your consent, contractual necessity, and legitimate interests
  • Data Portability: You have the right to receive your data in a structured, machine-readable format
  • Right to Object: You can object to processing of your personal data
  • Automated Decision-Making: We do not use automated decision-making or profiling
  • Supervisory Authority: You have the right to lodge a complaint with a data protection authority

17. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the personal data we collect, use, and disclose
  • Right to Delete: You can request deletion of your personal information
  • Right to Opt-Out: You can opt out of the sale of personal information (we do not sell your information)
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights

Summary

We collect and use your information to provide Cloudflare automation services. We implement strong security measures to protect your data and will never sell your personal information to third parties. You have full control over your data and can request access, correction, or deletion at any time.