▸ Anomalous Conditions Document

0. Applicability of this Policy

This Anomalous Conditions Privacy Policy (“Policy”) modifies our general Privacy, Data Processing and Use Policy with conditions which apply to operation under anomalous conditions. Specifically, this policy governs Quad9’s collection, processing, storage, use, and sharing of data associated with cyber attacks against or malicious use of its infrastructure, and data associated with failures or anomalous behavior of its software and infrastructure.

We have a separate privacy policy which applies to communications with us via our web site or email.

This is version 1.0 of the Policy, published on Wednesday, February 17, 2021.

Quad9 may amend this policy by posting a new version, with an incremented version number, at https://quad9.net/privacy/anomalous-conditions.

Security and Privacy are complementary and reinforce each other. Neither is possible in the absence of the other. We cannot provide privacy if we are unable to secure our systems, and we cannot provide security without ensuring the privacy of communications. This policy defines the rights we reserve to defend our systems against attack, and consequently our ability to serve the security and privacy of our users.

1. Treatment of Personally Identifiable Information

This policy applies to processes which are enacted in the diagnosis and mitigation of anomalous conditions in our operating environment. At the beginning of a mitigation event, automated processes begin collecting data relevant to the diagnosis of the root cause. This data includes the Internet Protocol Addresses which appear to be connected with the event, and those Internet Protocol Addresses may constitute Personally Identifiable Information in the event that they directly identify an individual.

Anomalous events which trigger the diagnostic processes covered by this policy include, but are not limited to, volumetric (“DDoS”) attacks, protocol faults, implementation errors in server code, and malicious exploitation of vulnerabilities in the hardware, software, and networks which constitute our systems.

As our automated systems and our engineers work toward a diagnosis and resolution of an incident, the scope of diagnostic data under review may be lessened, until a specific root cause is identified. If that root cause correlates with specifically triggering queries, those queries, including but not limited to their query labels, their source addresses, their arrival times, their responses, and their overall elapsed times-to-response, may be retained in full or partial form in permanent archives.

Significant events, including any successful cyber attacks against our infrastructure, will be documented in our Transparency Report. If the outcome of our investigation is a determination an IP address has been used in a criminal attack against ourselves or anyone else, we will share it with relevant law enforcement authorities at our discretion.


This Policy is published under a Creative Commons Attribution-NonCommercial-ShareAlike license.