Paloryx Labs
Legal

Privacy Policy

What we collect, what we don't, and how we treat the data that does reach us.

Last updated: April 19, 2026

The short version

Paloryx Resolver runs on hardware you control. Your DNS queries — the domains your devices look up — never leave your network. We do not see them, log them, or sell them. Our cloud only receives the minimum needed to activate a paid license, sync a small inventory of your devices to your account dashboard, and process updates and billing.

If you only use the free Home tier and never connect a Paloryx Labs account, we collect nothing from you beyond what your browser automatically sends when you visit paloryxlabs.com.

1. Who we are

This policy applies to Paloryx Labs ("we", "us", "our") and the Paloryx Resolver software, the paloryxlabs.com website, and the customer dashboard at paloryxlabs.com/dashboard. You can reach us at privacy@paloryxlabs.com.

2. What Paloryx Resolver sends to us

Home tier (free, no account)

Nothing. The resolver runs entirely on your device. It does not phone home, does not check in, and does not transmit telemetry.

Pro / Business tier (or any install with a connected account)

When you link a Paloryx Labs account the resolver sends a small, periodic update to our cloud. Specifically:

  • Activation data: license key, an installation ID, the hostname of the single machine the resolver runs on, and its operating system. Used to validate your license and show the install on your account dashboard.
  • Heartbeats: a daily ping with that install's version, platform, and uptime so we can tell it's still active and surface outages. No DNS query content, and no information about any other device on your network.
  • Advisor prompts: if you use the built-in AI advisor, the text you type is sent to our cloud, which forwards it to Anthropic's Claude API. We store prompt counts for rate-limiting and abuse detection; we do not retain prompt contents.

We never transmit DNS query logs, blocklist decisions, the domains any device looked up, or any information about the other devices on your LAN (phones, laptops, TVs, smart-home gear). Those stay on the machine running the resolver. The cloud only knows about the one install tied to your license.

3. What you send to us directly

  • Account data: when you create a Paloryx Labs account, we store your email address (and a password hash if you use password sign-in) in our Supabase database.
  • Billing data: payment and subscription details are handled by Stripe. We store the Stripe customer ID, subscription status, and plan tier. We never see your full card number.
  • Support correspondence: if you email support or use the contact form, we retain that message for as long as is reasonable to answer you and improve the product.
  • Waitlist email: if you enter your email on the download/waitlist page, we store it so we can email you when the product is available.

4. Website analytics and cookies

We don't run third-party analytics on the marketing site. No advertising cookies, no cross-site tracking, no pixels.

We set a session cookie on the customer dashboard so you stay signed in. It's first-party, HTTP-only, and not shared with anyone.

5. Sub-processors

We use the following third-party services to run the platform. Each is bound by its own terms and privacy policy:

  • Supabase — hosted Postgres for accounts, licenses, and device inventory.
  • Vercel — hosts the website and file downloads for software updates.
  • Stripe — billing and subscription management.
  • Resend — transactional email (receipts, waitlist, support replies).
  • Anthropic — powers the in-product AI advisor. Requests are forwarded with no persistent user identifiers beyond a rate-limit counter.

6. How long we keep data

  • Active accounts: for as long as the account exists.
  • Cancelled accounts: we retain billing records for 7 years to meet tax and accounting requirements. Personal data outside billing is deleted within 30 days of cancellation unless you ask us to retain it for a specific reason.
  • Waitlist emails: deleted when you unsubscribe or on request.
  • Support messages: retained for up to 2 years, then deleted.

7. Your rights

Wherever you live, you can ask us to:

  • Access a copy of the data we hold about you.
  • Correct anything that's wrong.
  • Delete your account and personal data.
  • Export your data in a portable format.
  • Object to or restrict specific processing.

Email privacy@paloryxlabs.com and we'll respond within 30 days. If you're in the EU / UK, you also have the right to complain to your data-protection authority.

8. Children

Paloryx Labs services are not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has given us data, email us and we'll delete it.

9. International transfers

Our infrastructure runs in the United States. If you use our services from outside the US, your data will be transferred to and processed in the US. Our sub-processors apply standard contractual clauses where required.

10. Security

For the technical details of how we protect your data at rest and in transit, see our Security page. If you discover a vulnerability, please report it to security@paloryxlabs.com.

11. Changes to this policy

If we make material changes, we'll post the revised policy here and update the "Last updated" date. For significant changes affecting your account, we'll email you.

12. Contact

Email privacy@paloryxlabs.com or use the contact form.