Civetta ("we", "us") provides family-aware DNS security. This policy explains what we collect, why, and how you control it.
Information we collect
Account information
Email address, account identifier, and authentication state — collected when you sign up. Authentication is handled by Clerk; we never see your password.
Device information
Platform, model, and a device label you choose. We store an optional push token so we can deliver the notifications you've opted into.
DNS event data
When a Civetta-protected device blocks a malicious or suspicious domain, we record: the device, a one-way hash of the domain, the threat category and score, and the time of the block. We do not store full browsing history, successful queries, or the raw domain string.
Billing
On iOS, purchases are processed by Apple via In-App Purchase — we never see your payment instrument or any card data. We receive only subscription metadata (plan, status, period dates) from Apple's App Store Server API. For legacy web subscriptions, Stripe processes the payment and shares the same kind of metadata; we never receive card numbers in either flow.
Family-share data
When a protected user invites a family member to receive alerts, the family member sees only:
- A severity tier (Critical, High, Medium, Info)
- A general threat category
- A short, non-identifying recommendation
The family member never sees the raw domain, the threat score, or the device label. Both parties must consent — either can revoke at any time, and revocation propagates within the same database transaction that authenticates it.
How we use the data
- To detect and block threats in real time on your devices
- To send you the alerts and digests you've subscribed to
- To bill you for the plan you chose
- To meet our security and audit obligations
We do not sell your data. We do not use your DNS event data to build advertising profiles.
Sharing
We share data with:
- Apple — for In-App Purchase processing on iOS
- Stripe — for legacy web billing
- Clerk — for authentication
- Amazon Web Services — for hosting and storage
- Apple Push Notification service / Amazon SES — for delivering notifications you opted into
We share only the minimum each provider needs. We never share your data with advertisers, data brokers, or analytics platforms that build cross-site profiles.
Your rights
- Access — request a copy of your data
- Correction — fix anything inaccurate
- Deletion — delete your account and all associated data, anytime, from the Account screen inside the app
- Portability — export your data in a machine-readable format
Email privacy@civetta.app for any of the above. We respond within 30 days.
Data retention
We keep DNS event data for 90 days, after which it's aggregated into anonymous threat-intelligence statistics. Audit logs are retained for one year. When you delete your account, your personal data is removed from our active systems immediately and from backups within 30 days.
Security
Civetta uses multi-tenant data isolation enforced by the database itself (PostgreSQL row-level security). Audit log entries are append-only. Production secrets live in AWS Secrets Manager. We're happy to share details about our architecture; ask security@civetta.app.
Threat intelligence attribution
Civetta's DNS-layer protection combines multiple public threat-intelligence feeds. We gratefully acknowledge:
- URLhaus & ThreatFox (abuse.ch) — malware distribution + IOCs
- FireHOL Level 1 — IP / CIDR blocklist
- Phishing.Database — active phishing domains
- PhishTank (Cisco Talos) — community-verified phishing URLs
- OISD — aggregated blocklist (CC BY 4.0)
- Tranco — research top-sites list (popularity floor)
Changes to this policy
If we change anything material we'll email you and update the date at the top of this page before the changes take effect.
Contact
Questions: privacy@civetta.app.