Data minimization by default

We keep collection minimal. Client IP is used for anti-abuse controls and processed into a salted hash for rate-limiting. Test reports are accessed through signed short-lived tokens.

Stored data

Test ID, generated probe domains, resolver observations, and diagnostic scoring outputs.

Not stored as plain text

Raw client IP is not persisted as direct identity data in application records used for reporting.

Retention

Data retention is controlled by server-side configuration and may be adjusted for abuse prevention and operational integrity.

Security controls

Token-based access, request validation, and abuse throttling are enabled to reduce scraping and unauthorized report reads.