Privacy Policy for the CIRA Canadian Shield Service

This Privacy Policy describes the policies and procedures for the Canadian Shield service (the “Service”) operated by the Canadian Internet Registration Authority (“CIRA”). This Privacy Policy is incorporated into and subject to the Terms and Conditions of the Service.

a. The privacy of users of the Service is very important to CIRA. CIRA will not sell, rent, or license your personal information to any third party.

b. As an open DNS resolver, there is no signup or requirement to disclose personal information to CIRA, other than that which is provided by accessing the Service. The only method by which CIRA can identify end users is by the IP (internet protocol) address of the user.

c. When you use the Service, we collect your IP (internet protocol) address, and your domain name queries. IP addresses may represent individual persons or devices, or they may represent large groups of end users within an organization. The Service does not distinguish between single and multiple users behind a single IP address.

d. Your detailed DNS query data that includes your IP address will be retained by CIRA for up to twenty-four (24) hours, in order to identify and protect the Service from any malicious behaviour, after which time it will be deleted. Beyond 24 hours only aggregated data will be retained in which your domain name queries will no longer be attributable to your IP address.

e. In the event CIRA observes behaviours which CIRA deems to be malicious or anomalous, CIRA may retain detailed DNS query data in the course of normal network defense and mitigation. This collection will be limited to DNS query data associated with IP addresses that CIRA determines are involved in the event.

f. CIRA will use threat feeds provided by intelligence partners. CIRA may share with intelligence partners data about domains and the number of blocks associated with them. This data will not include any Canadian Shield User’s Personally Identifiable Information (PII).

g. CIRA may also share high level anonymized aggregate statistics, including metrics on threat type, geolocation, as well as other vertical metrics including performance of the Service (e.g. number of threats blocked, infrastructure uptime) with the public and with its threat intelligence partners.

In addition, for the mobile version of the Service, CIRA may collect certain information related to your use of the Service and your network usage. This is anonymous, general information about your data usage, and does not include any personally identifying information about you, your device, or your location. This information includes the following:

Device data: We use device model, storage capacity and operating system for troubleshooting the Service. This data does not include unique device identifiers.

Connection data: We use your generic network connection (Wi-Fi or Cellular) to understand how the Service impacts your Internet connection and to improve the Service.

Performance and Usage data: We use data tonnage transferred and the internet locations / installed applications your device has accessed to understand how the Service impacts your data performance and to improve the Service.

Application diagnostics and crash reports: These are handled anonymously by third parties depending on the operating system. We use this information for troubleshooting and to improve the Service. The information we receive is fully anonymized and cannot be tied back to individual users.