Privacy Policy

1. Introduction

This Privacy Policy explains how Artatol ("we", "us", or "our") collects, uses, and protects your personal information when you use ArtaDNS - a fast, modern DNS management dashboard for Cloudflare.

2. Information We Collect

2.1 Account Information

When you use ArtaDNS, we collect:

• Email address, username, password (encrypted)
• Organization name and account ID
• Account membership and role information

2.2 Cloudflare API Token Data

To provide DNS management services, we store:

• Encrypted Cloudflare API tokens: Your tokens are encrypted using AES-256-GCM before storage
• Token metadata: Token name (user-defined), token prefix (first 8 characters for identification)
• Cloudflare account information: Email, account ID, and account name from Cloudflare API verification
• Usage tracking: Last used timestamp, active status
• Creator information: User ID of who added the token

2.3 DNS Management Data

When you manage DNS records through ArtaDNS:

• Domain names (zones) accessed through your Cloudflare account
• DNS record operations (view, create, edit, delete)
• Bulk import data (temporary, processed immediately)

Note: We do NOT store your DNS records. All DNS data is fetched in real-time from Cloudflare API and modifications are made directly to your Cloudflare account.

2.4 Analytics and Usage Data

• Dashboard access logs
• Feature usage statistics (which domains accessed, operations performed)
• Technical data: IP addresses, browser type, device information
• Session data and authentication logs

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve DNS management services
• Authenticate and authorize access to your Cloudflare accounts via API tokens
• Display and manage DNS records on your behalf
• Process bulk DNS operations (imports, batch edits)
• Generate analytics dashboards showing Cloudflare statistics
• Manage multi-token support and token switching
• Track token usage and verify token validity
• Provide customer support and respond to inquiries
• Detect, prevent, and address security issues and abuse
• Comply with legal obligations

4. How We Interact with Cloudflare

ArtaDNS acts as an intermediary between you and Cloudflare:

• API Proxy: We use your encrypted API tokens to make requests to Cloudflare on your behalf
• No Data Storage: DNS records are NOT stored in our database - all operations are real-time API calls
• Read & Write: We request permissions to view, create, edit, and delete DNS records via Cloudflare API
• Analytics: We fetch analytics data from Cloudflare GraphQL API (last 24 hours, free tier)
• Your Control: You retain full ownership and control of your Cloudflare account and DNS data

Cloudflare processes your DNS data according to their own privacy policy. Please review Cloudflare's Privacy Policy for information on how they handle your data.

5. Data Storage and Security

We store your data on secure servers located in the European Union and implement appropriate technical and organizational measures:

• Database storage: PostgreSQL hosted on OVH Frankfurt, Germany (Kubernetes)
• Token Encryption: Cloudflare API tokens encrypted using AES-256-GCM with secure key management
• Password Security: Bcrypt hashing (one-way, not reversible)
• Data in Transit: TLS 1.3 encryption for all connections
• Data at Rest: AES-256 database encryption
• Access Control: Row-level security (RLS) on PostgreSQL
• Token Verification: Automatic validation against Cloudflare API upon addition
• Regular Audits: Security audits and monitoring

6. Data Sharing

We do not sell your personal information. We may share your information with:

• Cloudflare API: Your encrypted API tokens are used to access Cloudflare API on your behalf (required for DNS management functionality)
• Artatol Account: Authentication and access management (shared infrastructure)
• Service providers: OVH (database hosting, infrastructure), Cloudflare Proxy (security and performance for ArtaDNS application itself)
• Legal authorities: When required by law or to protect our rights
• Organization members: Account administrators can view token metadata (not plaintext tokens) within their organization

Note: ArtaDNS application traffic is routed through Cloudflare's reverse proxy for DDoS protection, WAF security, and performance optimization. This is separate from the Cloudflare API used for DNS management. Cloudflare proxy processes request metadata (IP addresses, User-Agent, cookies) as part of this security service.

7. Data Retention

We retain your data according to the following schedule:

• Account data: Retained while account is active
• Encrypted tokens: Retained while account is active or until manually deleted
• Usage logs: Retained for 90 days
• Session data: Expired automatically after inactivity
• Deleted accounts: All data anonymized or permanently deleted within 30 days

Important: Deleting your ArtaDNS account does NOT affect your Cloudflare account or DNS records. It only removes your encrypted tokens from our system.

You can request deletion of your data at any time by contacting us at [email protected].

8. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Restriction: Object to or restrict processing of your data
• Portability: Receive your data in a structured, machine-readable format
• Withdrawal: Withdraw consent at any time
• Token Management: View, enable, disable, or delete your Cloudflare API tokens at any time
• Objection: Object to automated decision-making
• Complaint: Lodge a complaint with your local data protection authority

To exercise these rights, please contact us at [email protected].

9. Cookies and Tracking

ArtaDNS uses the following cookies:

• Essential cookies:
  • access_token - Authentication session (httpOnly, secure)
  • refresh_token - Session refresh token (httpOnly, secure, 30 days)
  • account_id - Current organization ID
• Preference cookies:
  • theme - Dark/light mode preference

Essential cookies are required for the service to function and cannot be disabled. You can manage preference cookies through your browser settings.

10. Third-Party Services

ArtaDNS integrates with the following third-party services:

• Cloudflare API: Required for DNS management functionality (REST API + GraphQL Analytics)
• Artatol Account SSO: Authentication service for single sign-on

These services have their own privacy policies. We are not responsible for their data practices.

11. International Data Transfers

Your data is primarily stored and processed in the European Union (AWS eu-west-1). When you use ArtaDNS to access Cloudflare services, data may be transferred to Cloudflare's global network. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.

12. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date. For material changes, we will provide prominent notice or obtain consent where required by law.

14. Contact Us

If you have any questions about this Privacy Policy or want to exercise your data protection rights, please contact our Data Protection Officer: