Enterprise-Grade Security

Security-First Platform

Your trust is our foundation. Every layer of Nebula DNS is built with security as a first principle — not an afterthought. We protect your data, preserve your privacy, and maintain the highest standards of operational security.

Request Security WhitepaperTalk to Our Security Team

SECURITY ARCHITECTURE

Comprehensive Security at Every Layer

Multi-layered security controls protecting your DNS infrastructure, your data, and your users.

End-to-End Encryption

All DNS queries are encrypted using TLS 1.3 with perfect forward secrecy. We support DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT).

Data Encryption at Rest

All stored data is encrypted using AES-256. Encryption keys are managed with industry-standard rotation policies and hardware security modules.

Infrastructure Security

Our infrastructure runs on hardened, regularly patched systems. All services operate in isolated containers with minimal attack surface.

Zero-Knowledge DNS

Your DNS policies and custom lists are encrypted client-side. We cannot access your sensitive filtering configurations.

Third-Party Audits

Independent third-party security audits are conducted annually. Penetration testing occurs quarterly by certified ethical hackers.

DDoS Protection

Multi-layered DDoS mitigation protects against volumetric and application-layer attacks, ensuring our 99.99% uptime commitment.

Role-Based Access Control

Granular RBAC with multi-factor authentication and single sign-on via SAML. Every action scoped to the right user, the right tenant.

Audit Logging

All administrative actions and policy changes are logged immutably. Full audit trails for compliance reviews and forensic analysis.

Bug Bounty Program

Our responsible disclosure program rewards security researchers who help us identify and fix vulnerabilities before they can be exploited.

Compliance Framework

Built to support SOC 2, GDPR, ISO 27001, and CCPA requirements. We make compliance documentation available to enterprise customers on request.

DATA PRIVACY

Your Privacy is Non-Negotiable

Privacy is built into every layer of our architecture, not added as an afterthought.

No DNS Query Logging

We do not log individual DNS queries in a way that can be traced back to specific users.

No Data Selling

Your data is never sold, shared, or monetized. We make money from subscriptions, not from you.

Minimal Data Retention

Analytics are aggregated and anonymized. Personal data is retained only as long as necessary.

Data Portability

Export your data at any time in standard formats. No vendor lock-in, ever.

COMPLIANCE

Meeting the Highest Standards

Designed to meet and exceed global regulatory requirements and industry certifications.

SOC 2 Type II

In Progress

Expected certification Q2 2026

GDPR

Compliant

Full compliance with EU data regulations

ISO 27001

In Progress

Information security management certification

CCPA

Compliant

California Consumer Privacy Act compliance

BUG BOUNTY

We Reward Responsible Disclosure

We partner with the security research community to continuously improve our defenses. Report a vulnerability and we'll work with you to fix it — and compensate you for your effort.

Critical vulnerabilitiesUp to $10,000
High severity issuesUp to $5,000
Medium severity issuesUp to $1,000
Low severity / informationalUp to $250
Submit a Report
$10,000

maximum reward for critical vulnerabilities

In-scope targets

api.nebuladns.io
app.nebuladns.io
DNS infrastructure
Authentication systems

OUR FOUNDATION

Security is our foundation

Have questions about our security posture, compliance certifications, or want to review our full security documentation? Our security team is ready to help.

Request Security WhitepaperSchedule a Security Review