Skip to content

legal · privacy

Privacy policy

Last updated 2026-04-20. Short on purpose.

What we collect

  • Email address (always), organization name (optional), domain(s) you want to validate (optional), use-case description (optional) — all directly from you, on the signup form.
  • For paid tiers: name on account, billing address, last-four digits of the payment method (held by our payment processor; we never store full card numbers).
  • Technical data: IP address and user-agent at the moment of form submission (for anti-abuse only), approximate country (from the IP), timestamp.
  • Validation artifacts: the domain(s) you asked us to validate, the DNS records we observed during validation, the signed trust edges we issued.
  • Usage: requests you make to the validation API, timestamps, and the result (success / failure / error).

What we do not collect

  • We do not use third-party advertising or tracking pixels.
  • We do not sell, trade, or share personal data with third-party marketers.
  • We do not ask for your DNS credentials. DNS integrations are scoped to the minimum permission required.

Why we collect each piece

Email so we can email you. Organization and use case so we can prioritize waitlist access appropriately. Domain list so we can run the validation. IP and user-agent so we can stop abuse. Billing data so we can bill you. That's the whole argument.

Where it lives

Signup submissions live in Cloudflare Workers KV inside our account. Validation artifacts and issued trust edges live on the public Quidnug network, which is by design readable by anyone. Billing data lives with our payment processor.

How long we keep it

  • Signup submissions: until you ask us to delete them, or until we close out the waitlist batch, whichever comes first.
  • Account records: for the life of your subscription plus 90 days of grace after cancellation.
  • Validation artifacts: signed trust edges are on a public blockchain-like structure and cannot be unilaterally deleted; you can revoke them.
  • Technical logs: 90 days.

How to reach us

Email privacy@quidnug.com to see, correct, or delete your data. We reply to every request in under 14 days. GDPR, CCPA, and equivalent regimes apply; we treat everyone the same.

Open source

The protocol, the node, the SDKs, the website, and the validation Worker are all source-available under Apache 2.0. Anyone can audit what we do. The only thing we don't publish is the waitlist submissions themselves, for obvious reasons.