Privacy Policy

Data collection · Cookie usage · Your rights

Last updated: December 2024. This Privacy Policy explains how X.RW collects, uses, and protects your information. We are committed to respecting your privacy and collecting only the minimum data necessary to provide the service.

Information We Collect

We follow minimal data collection principles and only collect information necessary to provide the service:

  • Query requests: The domain names, IP addresses, and ASNs you submit, used to execute lookups and briefly cache results (cache entries typically auto-expire within 1 hour).
  • IP address: Used for rate limiting (abuse prevention) and not stored in association with query content.
  • Account information (if registered): Email address and hashed password, used for account authentication and domain expiry reminder features.
  • Language preference: Stored via cookie to remember your chosen interface language (e.g. Chinese/English) — no personal identification involved.

How We Use Information

Collected information is used solely for the following purposes:

  • Executing lookup requests and returning results.
  • Improving query response speed through caching, reducing request frequency to WHOIS/RDAP registry servers.
  • Implementing rate limiting to prevent service abuse.
  • Sending domain expiry reminder emails (only for registered users who have enabled this feature).
  • Analyzing anonymized service usage statistics (e.g. query volume trends) to improve service performance.

We do not sell, rent, or otherwise share your information with third parties for commercial purposes.

Cookie Usage

This platform uses a small number of cookies, all of which are functionally necessary and not used for tracking or advertising:

  • NEXT_LOCALE: Stores your chosen interface language to maintain language preference across visits.
  • next-auth.session-token (if logged in): Maintains your login session state and expires when the session ends.
  • Query history (optional, localStorage): Stores recent queries locally in your browser — never uploaded to servers.

You can disable cookies via your browser settings, though this may affect language preferences and login functionality.

Third-Party Services

To provide lookup services, we send your query content (domain/IP/ASN) to the following third parties:

  • RDAP servers: Official RDAP endpoints of domain registries (e.g. IANA, VeriSign), for retrieving domain registration data.
  • WHOIS servers: TLD-specific WHOIS servers used as fallback when RDAP is unavailable.
  • DNS resolution: Google, Cloudflare, Quad9, and AdGuard DoH services for DNS record lookups.
  • IP geolocation services: Third-party APIs for IP address geolocation and ASN information.
  • Domain pricing data: nazhumi.com, miqingju.com, for domain registration price references.
  • Supabase (database): Stores user account and subscription reminder data on AWS servers overseas.
  • Upstash / Redis (cache): Stores query result cache with automatic expiry — user data is not persisted.

Data Retention

  • Query cache: Typically expires within 1 hour, maximum 24 hours.
  • Rate limit counters: Automatically cleared by time window (typically 1 minute), not persisted.
  • User account data: Deleted within 30 days of account deletion.
  • Subscription reminder settings: Synced with the account and deleted upon account deletion.
  • Anonymized statistics: May be retained in aggregated form for service improvement — contains no personally identifiable information.

Your Rights

You have the following rights regarding your data:

  • Right to access: Request access to data we hold about your account.
  • Right to rectification: Correct inaccurate information in your account.
  • Right to erasure: Request deletion of your account and all associated data (also available directly in account settings).
  • Right to data portability: Request export of your account data in a common format (e.g. subscription reminder list).
  • Right to withdraw consent: Disable optional features such as email reminders at any time.

To exercise these rights or for any privacy-related questions, please contact us using the information below.

Security Measures

  • All communications are encrypted using HTTPS/TLS.
  • User passwords are hashed using an industry-standard algorithm (bcrypt); raw passwords are never stored in any form.
  • Database access is restricted to server-side only with no direct external database connections exposed.
  • API endpoints implement rate limiting to prevent brute-force attacks and abuse.
  • Dependencies are regularly reviewed and updated to address known security vulnerabilities.

Contact Us

For privacy-related questions or data requests, please contact us by email.