Security
You’re handing us API credentials to your DNS infrastructure. We take that seriously. Here’s exactly how we protect your data.
Read-only access
We request the minimum permissions required from each provider. We cannot modify your DNS records. Each integration is scoped to read-only access at the API level:
- Cloudflare: Scoped API token with
Zone:Readpermission only. This token cannot modify, create, or delete records. We recommend creating a dedicated token rather than using your Global API key, and our setup guide walks you through that. - AWS Route53: IAM policy limited to
route53:ListHostedZonesandroute53:ListResourceRecordSets. No write permissions are included. You can verify this by reviewing the policy document before attaching it. - DNSimple: Read-only OAuth token. No write scopes are requested during the authorization flow.
- GoDaddy: API key with domain read access only. No record modification endpoints are called.
We cannot write to your zones. The permissions we request don’t allow it. You can verify this yourself by reviewing the scopes and policies before granting access. If a provider’s permission model changes, we update our documentation and request flow to match.
Encryption
All zone data is AES-256 encrypted at rest. Encryption happens before storage — plaintext zone data is never written to disk unencrypted. Data is encrypted in transit via TLS for all connections, both between your browser and BackupMyDNS, and between our systems and DNS provider APIs.
BackupMyDNS team members cannot read your zone data. There is no admin panel, debug tool, or support workflow that exposes decrypted zone contents. This is a deliberate architectural decision, not a policy — the access path does not exist.
Fort Knox mode
Available on Pro ($14/mo) and Business ($49/mo) plans. This is our zero-storage option.
When Fort Knox mode is enabled, we pull your zone data from the provider, encrypt the backup, email it directly to you, and then delete it from our systems immediately. Your zone data never persists on our infrastructure. The entire cycle — fetch, encrypt, deliver, delete — completes in a single operation.
This is designed for teams with strict compliance requirements around third-party data storage. If your security policy prohibits zone data from residing on external systems, Fort Knox mode satisfies that constraint. The backup lives in your inbox, under your control, and nowhere else.
Credential storage
The API keys and tokens you provide are encrypted at rest, stored separately from zone data. These are two distinct encryption boundaries. Access to stored credentials is restricted to the automated service processes that perform backups. There is no mechanism for team members to retrieve, view, or export your credentials through any interface.
Data handling
We don’t sell your data. We don’t share it with third parties. We don’t analyze your zone data for trends, marketing, or product development. Your zone records are used for exactly one purpose: generating your backups.
When you delete your account, your data is purged. Zone snapshots, diffs, stored credentials, and account metadata are all removed. We don’t retain copies.
Infrastructure
We run on reputable cloud infrastructure with standard security practices: regular patching, minimal attack surface, no unnecessary services or open ports. We keep our dependency footprint small and update promptly when security patches are released.
We don’t make claims about certifications we haven’t earned or audits we haven’t completed. We’re a bootstrapped company that has been profitable since 2022, and we prioritize doing the basics well over collecting compliance badges.
Contact
Security questions or concerns: hey@backupmydns.com.
If you find a vulnerability, please email us directly rather than filing a public issue. We respond to security reports within one business day.