Cisco Umbrella

Enterprise network security

Spotlight

A better privacy policy

By David Ulevitch, Founder/CEO

Writing a Privacy Policy is hard work. A part of me would love to just have a Privacy Policy that says, “We won’t do anything stupid” — Just like I’d love a Terms of Service that says “Don’t do anything stupid.” Unfortunately, the lawyers and the laws of many countries won’t let us get away with that, so the next best thing is to have a Privacy Policy that is clear, specific, and easy to read. With that in mind, we’ve updated our Privacy Policy to be much more specific about what we do and what we do not do with data supplied by our customers.
The new policy is a big improvement from our current policy and I think it goes a long way in clarifying to our users what happens with their data. Like our always-improving service, our Privacy Policy is a living document that will continue to be updated over the years to more accurately reflect the business we are in and to respond to the important privacy concerns of the day. Here are some of the important changes in the document:

  • We are switching over to a new stats collection system (hadoop-based) and so we are now storing raw DNS logs for longer periods of time. The time we store them now is variable (based on disk space) but right now is about a month. Since it’s likely to change over time, we are now clear in communicating that we retain data like this for a longer period of time.
  • We’ve updated the language to clarify that using the OpenDNS service does provide us with personally identifiable information, since it provides us with your IP address, which is considered personally identifiable information.
  • We added explicit language to communicate that we do not share, sell or rent access to our customer DNS queries. The obvious exceptions are when we need to share data in order to provide a service you have asked for or that we require to run our service, or when we have to satisfy a legal mandate. But nobody can come to us and purchase a raw feed of the customer DNS traffic, we just aren’t interested in that business.
  • Separate from the DNS queries, OpenDNS works with vendors and partners to provide services to us (i.e. network monitoring software, email newsletter management) and to you (i.e. malware researchers). To perform these services we sometimes need to share specific pieces of personal information with them. We’ve clarified when we do this and have explained that all are doing so at our request and are limited in their scope.

You should read and understand our new Privacy Policy, as I’ve only summarized pieces of it above. Here’s a link to our new Privacy Policy. The new policy is effective beginning today.
I hope that this new policy better clarifies how we protect and respect your data as you use our service. If you have questions you can always contact your account manager or our customer support team.