Privacy Policy
Nantevo, Inc. · Effective April 20, 2026 · Version 1.0
- We log DNS query telemetry — timestamp, authenticated client ID, queried domain, response code, latency, and threat classification. This is what enables blocked domain event lists, incident forensics, and RoCi's security analysis.
- We never sell, share, or disclose your DNS telemetry to any third party for any purpose.
- We never use your DNS data for advertising, behavioral profiling, or anything outside of delivering and securing the service you've contracted for.
- Our dashboard uses magic-link authentication — no passwords are ever stored.
- On-premise appliance customers: DNS query data never reaches our servers. Only anonymized RoCi threat signal metadata is transmitted outbound.
- You can request deletion of your account data and telemetry at any time by contacting us.
- If something in this policy is unclear, email [email protected] — we read and respond personally.
Scope and applicability
This Privacy Policy applies to:
- The Nantevo Protective DNS platform, including all cloud-hosted resolver infrastructure
- The Nantevo client dashboard and administrative portal at nantevo.com
- MDM configuration profiles generated and distributed by Nantevo
- Communications between Nantevo and its customers, prospective customers, and website visitors
This policy does not apply to on-premise appliance deployments with respect to DNS query content — that data is processed entirely within your infrastructure and is not accessible to Nantevo. See Section 09 — On-Premise Deployments for the specific data flows applicable to appliance customers.
Nantevo, Inc. is the data controller for personal data processed under this policy. Our principal place of business is in the San Francisco Bay Area, California, United States.
DNS telemetry data
The core function of the Nantevo platform is to authenticate, resolve, filter, and monitor DNS-over-HTTPS queries on behalf of enrolled client devices. This necessarily involves processing DNS query data. The following table describes precisely what is and is not collected.
| Data element | Collected? | Purpose |
|---|---|---|
| Query timestamp | Yes — default | Behavioral baseline modeling, incident forensics, audit trail |
| Authenticated Client ID | Yes — default | 1:1 device attribution, per-client telemetry, RoCi behavioral scoring |
| DNS response code | Yes — default | Threat detection (NXDOMAIN cascades), resolution health monitoring |
| Query response latency | Yes — default | Performance monitoring, SLA verification, dashboard metrics |
| Threat classification | Yes — default | Incident logging, RoCi model feedback, security reporting |
| Queried domain name | Yes — default | Blocked domain event lists, RoCi DGA entropy scoring, per-client behavioral baselines, incident forensics. Essential to the security function of the platform. |
| Source IP address | Not retained | Used transiently for routing only. Not logged or stored in telemetry records. |
| DNS payload content | Never | Not applicable. DoH transport encrypts the full DNS payload end to end. |
DNS telemetry is processed for the following purposes only: delivering the DNS resolution and filtering service, detecting and remediating security threats, providing per-client security telemetry to authorized administrators, and maintaining the reliability and performance of the platform. It is never processed for advertising, behavioral profiling, or any commercial purpose beyond the contracted service.
The legal basis for processing DNS telemetry is the performance of a contract — specifically, the service agreement between Nantevo and the customer organization. For prospective customers during trial or proof-of-concept deployments, the legal basis is legitimate interest in demonstrating the service.
Account and contact data
When an organization becomes a Nantevo customer, we collect and process the following account information:
- Administrator contact information: Name and work email address for account administrators. Used for service communication, incident notifications, and authentication.
- Organization name and billing details: For contract and invoicing purposes. Payment card data is handled exclusively by our payment processor (Stripe) and is not stored on Nantevo infrastructure.
- MDM profile configuration: The per-client policy settings and credential parameters configured during enrollment. This is operational data, not personal data in the traditional sense, but we treat it with equivalent care.
Account data is retained for the duration of the customer relationship and for a period of 90 days following account closure, after which it is deleted. Billing records are retained as required by applicable law and accounting standards.
Website and marketing data
When you visit nantevo.com, we collect standard web server access logs — IP address, browser type, referring URL, and pages visited. These logs are used for security monitoring and basic traffic analysis. They are retained for 30 days and are not shared with third parties.
When you submit a demo request or contact form, the information you provide — name, email, organization, fleet size, and any context you choose to share — is used to respond to your inquiry and schedule a demonstration. It is not added to marketing lists without explicit consent and is not shared with third parties.
Nantevo does not use tracking pixels, behavioral advertising cookies, or third-party analytics services that track individuals across sites. We do not run advertising campaigns that retarget website visitors. Nantevo products are ad-free and our business model is subscription revenue, not data monetization.
We use a minimal set of technically necessary cookies to maintain session state in the dashboard. No persistent tracking cookies are set on the marketing site.
Data sharing
We do not sell your data. We do not share your DNS telemetry, account data, or any personal information with third parties for their own purposes — advertising, analytics, research, or otherwise. This is not qualified by exceptions or carved out for affiliates. It is a hard constraint on how we operate.
The limited circumstances in which data may be disclosed to third parties are:
- Service providers acting on our behalf: We use a small number of vendors to operate the business — cloud hosting infrastructure, payment processing (Stripe), and email delivery. These providers process data only as necessary to provide their service to us and are contractually prohibited from using it for any other purpose.
- Legal requirements: If required by applicable law, court order, or governmental authority, we may be compelled to disclose information. We will notify affected customers of such requests to the extent permitted by law, and we will limit disclosure to the minimum required.
- Business transfers: In the event of a merger, acquisition, or sale of substantially all assets, customer data may transfer to the acquiring entity. We will provide notice before any such transfer occurs and will require the acquiring entity to honor the commitments in this policy.
In all cases, DNS telemetry — the records of what domains your enrolled devices have resolved — is treated as the most sensitive category of data we hold and receives the highest level of protection. It is never included in any disclosure beyond the legal requirement category above, and even then only in response to lawful orders targeting specific accounts.
Retention and deletion
Nantevo applies the following default retention periods. Enterprise customers can configure custom retention windows as part of their service agreement — including shorter windows for privacy-sensitive environments and longer windows for compliance requirements.
| Data category | Default retention | Configurable? |
|---|---|---|
| DNS query telemetry (full record) | 90 days | Yes — per account |
| RoCi incident records | 12 months | Yes — per account |
| Account administrator data | Duration of contract + 90 days | No |
| Billing records | 7 years (tax compliance) | No — legal requirement |
| Website server logs | 30 days | No |
| Demo request / contact submissions | 2 years or until deletion requested | On request |
To request early deletion of any data category, contact [email protected] with your account identifier and the data category you wish to have deleted. We will confirm deletion within 30 days.
Data security
DNS telemetry and account data are protected by controls appropriate to the sensitivity of the information:
- All DNS query traffic is encrypted in transit using TLS 1.3 via the DoH transport. No plaintext DNS is processed at any stage.
- Dashboard authentication uses magic-link tokens rather than passwords — eliminating password-based credential compromise as an attack vector.
- Resolver infrastructure runs within isolated jail or container environments. Components are separated by function and network policy.
- TLS certificates for DoH endpoints rotate automatically on a 60-day cycle with monitoring alerts 14 days before any expiration.
- Credential pairs (endpoint subdomain + ClientID) are generated using Python's
secretsmodule backed by the OS CSPRNG. Each field carries approximately 129 bits of entropy. - Access to production infrastructure and customer data is restricted to personnel with a need to access it for service delivery or incident response.
Despite these controls, no system is completely immune to security incidents. In the event of a breach affecting customer data, we will notify affected customers within 72 hours of becoming aware of the incident — consistent with GDPR notification requirements and general best practice — including the nature of the incident, the data affected, and the steps being taken to contain and remediate it.
Our full security posture, including responsible disclosure process and penetration testing coordination, is documented at nantevo.com/security.
On-premise deployments
Customers deploying the Nantevo virtual appliance within their own data center or private cloud infrastructure operate under a fundamentally different data model. In on-premise deployments:
- DNS query data never reaches Nantevo servers. All DNS resolution occurs within your infrastructure. The domain names your devices resolve and all associated query telemetry remain within your network boundary at all times.
- Only anonymized RoCi threat signal metadata is transmitted outbound. This consists of aggregated behavioral indicators used to update RoCi's threat intelligence model — not query records, not domain names, not device identifiers.
- You are the data controller for DNS resolution data. Nantevo acts as a data processor only with respect to the threat signal metadata described above. Your organization's own privacy policies and data governance practices govern the DNS resolution data that stays within your infrastructure.
The credential pair used to authenticate your appliance to Nantevo management services (for software updates and RoCi signal synchronization) is treated with the same security controls as cloud-deployment credentials.
Your rights
Depending on your jurisdiction, you may have the following rights with respect to personal data we hold about you. We honor these rights regardless of whether they are legally mandated in your specific location — we think they represent the right way to treat the people whose data we hold.
- Access: You can request a copy of the personal data we hold about you, including your account data and the categories of telemetry we process on behalf of your organization.
- Correction: You can request correction of inaccurate personal data — primarily account administrator information.
- Deletion: You can request deletion of your personal data and, for cloud deployments, associated DNS telemetry. We will complete deletion within 30 days and confirm in writing.
- Portability: You can request an export of your account data and telemetry records in a machine-readable format (JSON).
- Restriction: You can request that we restrict processing of your data while a dispute about its accuracy or lawfulness is being resolved.
- Objection: You can object to processing based on legitimate interest. For service delivery processing under contract, objection may result in service termination — we will be clear about this before acting.
To exercise any of these rights, contact [email protected]. We will respond within 30 days. We may ask you to verify your identity before fulfilling a request — we will do this in the least intrusive way possible, typically by confirming from your registered email address.
If you are located in the European Economic Area or United Kingdom, you have the right to lodge a complaint with your local data protection authority if you believe we have handled your data unlawfully. We would prefer the opportunity to address your concern directly first — please contact us before filing a complaint and we will respond promptly.
Children
Nantevo is an enterprise security platform. We do not knowingly collect personal data from individuals under 18 years of age. Our services are contracted with organizations, not individuals, and are not directed at children.
If Nantevo's DNS filtering is deployed by an educational institution to protect student devices, the institution is the data controller for any DNS telemetry generated by those devices. Nantevo's role is that of a data processor. Educational institutions deploying Nantevo for student device protection should ensure their own privacy policies and any applicable regulations (COPPA, FERPA, CIPA) are appropriately addressed in their service agreement with us. Contact [email protected] to discuss education-specific deployment configurations.
Policy changes
We will notify active customers of material changes to this privacy policy by email at least 30 days before the change takes effect. The effective date at the top of this page reflects the most recent revision.
Changes that expand the categories of data collected, add new sharing arrangements, or reduce customer rights will be treated as material changes requiring 30-day advance notice and, where applicable, renewed consent. Changes that are purely administrative — correcting typos, improving clarity, updating contact information — may be made without advance notice.
The current version of this policy is always available at nantevo.com/privacy. We do not maintain a public changelog for this document, but customers can request a summary of changes between versions by contacting [email protected].
Contact
For any questions, concerns, or requests related to this privacy policy or your personal data, contact us at:
Privacy inquiries
Nantevo, Inc.
San Francisco Bay Area, California, United States
Email: [email protected]
General: [email protected]
Enterprise: [email protected]
Security: [email protected]
We respond to all privacy inquiries personally — not with automated responses. Typical response time is one business day. For urgent matters related to a suspected data breach or data subject rights request requiring immediate action, note "URGENT — PRIVACY" in your subject line.
For vendor privacy assessment questionnaires, security posture documentation, or data processing agreements (DPAs), email [email protected] with your organization name and the documents required. We have standard DPA templates available and can accommodate custom DPA requirements from enterprise customers.