Privacy Policy
Last updated: July 2026. Plain-English version — no legal jargon, no dark patterns.
The short version
- We don't run ads and we don't sell data — there is nobody to sell it to.
- We don't require an account. There is no user profile to leak.
- Client-side tools (hashing, JWT, QR, password strength) never send your input to us.
- Server-side tools (DNS, WHOIS, IP lookups) send the input to Cloudflare Workers, run the query, and return the result. We don't retain the payload.
What we collect
Standard web-server logs: IP address, User-Agent, timestamp, requested URL, HTTP status and response time. These are used for abuse prevention, capacity planning, and debugging. Logs are retained for up to 30 days and are never joined to a personal identity because we don't collect one.
Cookies
We use a single first-party cookie to remember your theme (light/dark) and language preference. No third-party cookies. No advertising cookies. No cross-site tracking.
Analytics
We use privacy-friendly, cookieless analytics that record aggregate pageviews and referrers only. Individual sessions cannot be reconstructed and IP addresses are hashed before being written to disk.
Third parties
Hosting: Cloudflare (edge network, DDoS protection). Have I Been Pwned queries use k-anonymity so only the first five characters of a SHA-1 hash leave your browser. crt.sh queries expose the domain you searched for to the Certificate Transparency log operator.
Your rights
Because we don't build user profiles there's very little data to request, correct or delete. If you believe an IP-linked log entry needs removing under GDPR / CCPA, email privacy@dnsblade.com with the approximate timestamp and we'll purge it.
Changes
If we make material changes to this policy we'll bump the date at the top and note the change in the changelog.