Privacy
Privacy Policy
Effective date: July 3, 2026.
This Privacy Policy describes how ZoneProof handles information collected through the public website, public API surfaces, and public MCP endpoints.
1. What ZoneProof does
ZoneProof publishes machine-readable trust metadata about DNS namespaces and related records. Most of the public service is designed to expose structured information for retrieval by software and humans, rather than to operate as a consumer account system.
2. Information we may collect automatically
When you access public pages or endpoints, ZoneProof may collect standard operational request data such as IP address, request path, query parameters, user agent, referrer, response status, timestamps, and similar network or application log information.
- Server and application logs for public pages,
/.well-knownresources, schema routes, and MCP routes. - Operational metrics related to tool calls, endpoint usage, latency, failures, and abuse prevention.
- Referral or impression data generated by public badge, redirect, or attribution flows where those are enabled.
3. ZoneProof Verified Links and badges
ZoneProof search and verification results include tracking links (for example, links formatted as zoneproof.org/r/[domain]) and a badge or icon that may appear alongside verified results, including when those results are displayed inside a third-party AI assistant, agent, or application.
When a ZoneProof Verified Link is clicked, we record: the associated domain, the destination URL, an optional source identifier (indicating the site, app, or integration the click came from), referrer, user agent, IP address, and a timestamp.
When a badge or icon is displayed to a viewer, we record an impression: the associated domain, the badge asset URL, an optional source identifier, referrer, user agent, IP address, and a timestamp. Impression tracking uses a lightweight request triggered when the badge or icon renders.
This click and impression data is used to measure engagement with verified records, support ZoneProof's verification and attribution model, detect abuse, and inform product and namespace coverage decisions. It is not used to build advertising profiles.
We do not require an account or login to generate this data. Each record is tied to request-level identifiers (such as IP address and user agent) rather than a persistent user profile, except where an operator of an integrating application separately provides user context to us.
On a periodic batch basis, typically within one week of collection, we use the IP address on each click and impression record to infer a coarse country and state/region, then remove the raw IP address from the record. The resulting geographic data is retained and may be shared in aggregate with the relevant TLD namespace partner (for example, so a .bank or .cpa registry operator can see which states or regions are generating referrals to verified domains in their namespace). This aggregate reporting does not identify individual visitors.
4. Information published as part of the service
ZoneProof may publish records about namespaces, registries, operators, domains, entities, or contacts when those records are part of the service dataset. That published information is generally derived from public sources, contributed records, or data intended for public machine discovery. Because the service is built around publication and interoperability, data included in a public record may be visible to search engines, API clients, and AI systems.
5. How we use collected information
We use collected information to operate, secure, maintain, improve, and explain the service.
- To deliver public pages, records, schemas, and MCP responses.
- To monitor uptime, performance, debugging, and reliability.
- To detect abuse, fraud, scraping anomalies, or security incidents.
- To measure engagement with verified links and badges, as described in Section 3.
- To understand adoption of public endpoints and guide product development.
6. Cookies and tracking
The public site may use minimal technical mechanisms necessary to serve content, measure operational behavior, support referral flows, or record link clicks and badge impressions as described in Section 3. ZoneProof is not intended to be built around behavioral advertising. If analytics or attribution tooling is used, the intent is service measurement, attribution, and abuse monitoring rather than consumer ad targeting.
7. Sharing and disclosure
ZoneProof may share information with service providers, infrastructure providers, or security vendors as reasonably necessary to host, secure, monitor, or operate the service. As described in Section 3, we may share aggregate, geography-level referral data (country and state/region, not raw IP address) with the relevant TLD namespace operator or partner so they can understand how their namespace is being referred to. Information may also be disclosed when required by law, to protect rights or safety, or in connection with investigation of abuse or misuse.
8. Retention
Operational logs and metrics are retained for only as long as reasonably necessary for security, debugging, abuse prevention, analytics, and service administration. Exact retention periods may vary by system and operational need.
For link click and badge impression data specifically: the raw IP address is retained only until the periodic batch process described in Section 3 runs, typically within one week, after which it is replaced with inferred country and state/region data. The remaining record (domain, target/badge URL, source, referrer, user agent, inferred geography, and timestamp) may be retained longer to support partner namespace reporting and product analytics.
9. Security
ZoneProof uses reasonable administrative, technical, and organizational safeguards appropriate to the nature of the service. No internet-facing service can guarantee perfect security, and you should avoid sending sensitive personal information through public endpoints unless clearly requested for a specific supported workflow.
10. International access
ZoneProof may be accessed from multiple jurisdictions and may be hosted or operated using service providers in different locations. By using the service, you understand that information may be processed where the relevant systems and operators are located.
11. Your choices and public record considerations
Because ZoneProof is a publication-oriented service, requests concerning public records may require review of provenance, legitimacy, and the public-interest purpose of the data. Where a record reflects public source material or registry policy metadata, removal may not always be appropriate or possible. Corrections, provenance disputes, and similar issues can still be reported for review.
12. Changes to this policy
This Privacy Policy may be updated from time to time. The effective date at the top of the page reflects the current version.
13. Contact
Questions about privacy, public data handling, link/impression tracking, or correction requests can be sent to [email protected].