PuffinDNS — Terms of Use and Privacy Notice

1. Definitions

• Account: your profile enabling access to the Service.
• Subdomain: a hostname under a domain we control (e.g., name.puffindns.org).
• API: any programmatic interface we provide.
• Content: any data, records, DNS resource records, or materials you submit or publish via the Service.
• Applicable Law: laws of England and Wales, including the UK GDPR and Data Protection Act 2018.

2. Eligibility and Capacity

You must be 18+ and capable of entering into a binding contract. If you use the Service on behalf of another person or entity, you confirm you are authorised to bind them; "you" includes that person or entity.

3. Account Registration and Security

1. Provide accurate, current information and keep it updated.
2. Keep credentials and API tokens secure. You are responsible for all activity under your Account and tokens.
3. Notify us immediately of suspected unauthorised access.
4. We may suspend, lock, or delete Accounts or tokens we reasonably consider compromised, inactive for a prolonged period, or in breach of these Terms.

4. Subdomain Rules; Naming and Reassignment

1. Do not register Subdomains that infringe IP rights; impersonate others; mislead (e.g., imply official/government/bank status); or are abusive or unlawful.
2. Do not register your own or another person's real name without the relevant person's consent (if applicable).
3. Subdomains are revocable licences, not property. We may suspend, remove, redirect, or reassign any Subdomain at our discretion (including to mitigate abuse, resolve operational issues, comply with law, or reclaim abandoned names).
4. We may reserve or block categories of names (e.g., brand, high-risk, or system names).

5. Acceptable Use

You must not use the Service to:

1. distribute malware, phishing, botnets, spam or command-and-control infrastructure;
2. engage in illegal conduct (including copyright infringement, fraud, harassment, hate, or child sexual abuse material);
3. host, facilitate or link to material likely to bring PuffinDNS into disrepute;
4. probe, scan or test our systems except via any published security.txt channel;
5. circumvent rate limits, quotas, or authentication;
6. provide emergency, medical, aviation, nuclear, life-support or other high-risk uses where failure could result in death, personal injury, or environmental damage;
7. interfere with the Service or others' use of it.

We may remove records, disable Subdomains, throttle or terminate Accounts without notice where we reasonably believe these Terms are breached or risk is high.

6. Service Scope and Availability

1. The Service offers free dynamic DNS and related features; we may introduce paid plans later.
2. The Service operates on an "as is" and "as available" basis. No uptime, performance or support commitments are given unless we publish a separate SLA for a paid plan.
3. We may change, suspend, or discontinue features at any time.

7. Technical Particulars and Your Responsibilities

1. DNS is public by design. Subdomains and associated IP addresses (and other records) are publicly queryable, globally replicated, and may be cached by third parties beyond your deletion.
2. You are responsible for: choosing appropriate TTLs; securing your endpoints; operating any servers you point to via DNS; complying with third-party terms and network policies; and ensuring your Content is lawful.
3. We do not control reverse DNS or third-party resolvers. Propagation times vary.
4. We may automatically scan, log, and rate-limit traffic and API usage to detect abuse and maintain stability.

8. API and Fair Use

1. Use our API only as documented. Respect authentication, request limits and quotas (which we may change).
2. Do not resell, sublicense, or operate a competing DNS service using our free tier.
3. We may throttle or revoke API access to protect the Service.

9. Intellectual Property

1. We and our licensors retain all rights in the Service, software, documentation, and branding.
2. We grant you a limited, revocable, non-exclusive, non-transferable licence to use the Service as intended for its normal operation.
3. You grant us a worldwide, non-exclusive licence to process your Content only to provide and protect the Service. You warrant you have all rights needed to provide the Content.

10. Third-Party Content and Links

We are not responsible for third-party sites, networks, services or caches you access via the Service. Use them at your own risk and comply with their terms.

11. Notice and Takedown (IP and Abuse)

For detailed information about reporting copyright, trade mark, or abuse issues, please see our DMCA & Abuse Policy.

1. For copyright, trade mark or other IP complaints, or abuse reports (malware, phishing, etc.), email contact[at]puffindns[dot]org with sufficient detail (reporter identity, rights asserted, exact Subdomain/record, evidence, and requested action).
2. We may remove or disable Content or Subdomains in our discretion and may notify the user where lawful and appropriate.

12. Fees (if introduced later)

If we introduce paid plans: (a) fees are payable in advance; (b) we may change pricing on notice for subsequent terms; (c) taxes are additional; (d) failure to pay may result in suspension or deletion.

13. Term; Suspension; Termination

1. You may close your Account at any time.
2. We may suspend or terminate the Service or your Account immediately where we reasonably consider risk, abuse, non-payment (if applicable), legal requirement, or material breach.
3. On termination, your right to use the Service ceases. We may delete your records after a reasonable period; DNS caches may persist beyond our control.
4. Sections intended to survive (including 7, 9, 11, 14–18, and Privacy sections on retention and rights) survive termination.

14. Warranties and Disclaimers

1. You use the Service at your own risk.
2. To the fullest extent permitted by law: we exclude all warranties, conditions and representations (express or implied), including merchantability, fitness for a particular purpose, and non-infringement.
3. You acknowledge that DNS is inherently distributed and subject to third-party caching, outages, and manipulation beyond our control.

15. Liability

1. Nothing in these Terms limits or excludes liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or any other liability that cannot lawfully be limited or excluded.
2. Free use. For access to and use of the Service provided without charge, we exclude all liability arising out of or in connection with the Service to the maximum extent permitted by law. If and to the extent that such exclusion is found unenforceable, our aggregate liability in any 12-month period shall be limited to £100.
3. Paid plans (if applicable). For any paid plan, our aggregate liability in any 12-month period shall be limited to the greater of (a) the total fees you paid to us for the Service in that period, and (b) £100.
4. We shall not be liable for: loss of profit, revenue, business, goodwill, or data; loss or corruption of DNS records or caches held by third parties; or any indirect or consequential loss, in each case to the extent permitted by law.
5. You acknowledge that DNS is public, globally cached and dependent on third-party resolvers outside our control; propagation delays and persistence of third-party caches are not our responsibility.

16. Indemnity

You shall indemnify and hold us (and our directors, employees and suppliers) harmless from claims, damages, costs and expenses (including reasonable legal fees) arising from: (a) your Content; (b) your use of the Service in breach of these Terms or law; or (c) any claim that your Subdomain infringes rights of others.

17. Changes to these Terms

We may update these Terms. For material changes, we will provide reasonable notice (e.g., email or site banner) and indicate the new effective date. Continued use after the effective date constitutes acceptance.

18. General

1. Governing law & forum: England and Wales; courts of England and Wales have exclusive jurisdiction.
2. Force majeure: We are not liable for events beyond our reasonable control.
3. Assignment: You may not assign without our consent; we may assign these Terms.
4. Severability: If a term is unenforceable, the rest remains in effect.
5. Entire agreement: These Terms are the entire agreement regarding the Service.
6. No waiver: Failure to enforce is not a waiver.
7. Third-party rights: No third party has rights under the Contracts (Rights of Third Parties) Act 1999 to enforce these Terms.
8. Notices: We may contact you via your Account email or by posting on our website. You may contact us at contact[at]puffindns[dot]org.

Controller: NIXR LTD, 62 California Close, Colchester, UK.
Contact for privacy: contact[at]puffindns[dot]org.
We are not required to appoint a Data Protection Officer.

1. Personal Data We Process

• Account data: email address, password hashes/auth tokens, account metadata, preferences.
• Service/technical data: IP addresses, DNS update payloads and logs, API usage, user agent, timestamps, security and fraud signals, operational telemetry.
• Content data: DNS records you create (e.g., A/AAAA/CNAME/TXT). DNS records are public and globally cached.
• Support data: messages and attachments you send us.
• Payment/billing data (if paid plans): transaction identifiers, amounts, billing address (via our payment processor).

2. Purposes and Lawful Bases

• Provide and operate the Service; account administration; essential communications — Contract (UK GDPR Art. 6(1)(b)).
• Security, abuse detection, fraud prevention, rate-limiting, service analytics limited to operations, troubleshooting — Legitimate interests (Art. 6(1)(f)); our interests are maintaining a safe and reliable DNS service.
• Compliance with legal obligations (e.g., responding to lawful requests, tax/records for paid plans) — Legal obligation (Art. 6(1)(c)).
• Optional communications (e.g., marketing or beta invites) — Consent (Art. 6(1)(a)), which you can withdraw at any time.

No decisions are made based solely on automated processing that produce legal or similarly significant effects.

3. Cookies and Similar Technologies

We set only strictly necessary cookies for authentication and session management (for example, to keep you signed in and protect your Account). We do not use analytics, advertising, or other non-essential cookies.

Because these cookies are strictly necessary for a service you request, we do not seek consent and do not display a cookie banner (consistent with UK PECR).

Typical lifetimes:

• Session cookies: expire when you close the browser.
• Persistent auth/session cookies: limited lifetimes to support re-authentication and security.

Your browser settings allow you to block or delete cookies, but the Service may not function without these cookies.

4. Disclosures and International Transfers

We may share personal data with:

• Service providers (e.g., hosting, security, logging, email delivery, payment processing) under contracts requiring confidentiality and appropriate safeguards;
• Law enforcement or regulators where required by law;
• Successors in the event of a merger, acquisition or restructuring.

DNS data is globally resolvable and cached by resolvers worldwide; this is an inherent international transfer outside the UK. Other transfers to suppliers outside the UK/EEA are protected by appropriate safeguards (e.g., the UK Addendum to the EU Standard Contractual Clauses) where required.

5. Data Retention

• Account data: retained while your Account is active and for up to 24 months after closure (or longer where required for legal, tax or dispute purposes).
• Service/technical logs: typically 12 months to ensure security and abuse investigation; longer where incidents require.
• Billing records (if paid): 7 years to meet tax/accounting obligations.
• Support tickets: up to 36 months from last interaction.
• DNS records: public by design; third-party caches may persist after you delete records and are outside our control.

6. Your Rights

Subject to legal limits, you have the rights to access, rectify, erase, restrict, object, and data portability. Where processing relies on consent, you may withdraw consent at any time.

To exercise rights, email contact[at]puffindns[dot]org.

You may complain to the UK Information Commissioner's Office (ICO) if you are unhappy with how we handle your data.

7. Security

We implement appropriate technical and organisational measures proportionate to risk (including encryption in transit, access controls, least-privilege and logging). No system is perfectly secure; you should secure your devices, tokens and endpoints.

8. Children

The Service is not intended for individuals under 18. Do not create an Account if you are under 18.

9. Changes to this Notice

We may update this Privacy Notice from time to time. Material changes will be notified reasonably in advance where practicable.