.svg?width=185&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Home"){kind=logo}
.svg?width=13&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Top Navigation - Sign in - Icon")
.png?width=1024&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Legal: Banner with Media - Background")
Product Privacy Information
- Overview: Product Privacy Information
- Sophos UTM Privacy Data Sheet
- Sophos AV Privacy Data Sheet
- Sophos Central Device Encryption (CDE) Privacy Data Sheet
- Sophos Central
- Sophos Central Endpoint and Server Privacy Data Sheet
- Sophos Cloud Optix Privacy Data Sheet
- Sophos Cloud Products
- Sophos Privacy Data Sheet – Email & Phish Threat
- Sophos Firewall
- Sophos Home and Sophos Home Premium (consumer products)
- Sophos Managed Detection and Response (MDR) Privacy Data Sheet
- Sophos Managed Risk Privacy Data Sheet
- Sophos Mobile Privacy Data Sheet
- Sophos Intercept X for Mobile
- Sophos Sandstorm
- Sophos XDR Privacy Data Sheet
- SophosLabs Intelix Privacy Data Sheet
- Sophos Capsule8 Protect Data Privacy Sheet
- HitmanPro and HitmanPro.Alert
- Sophos Privacy Data Sheet – Sophos Protected Browser
- Sophos Privacy Data Sheet – Sophos DNS Protection
Sophos DNS Protection Privacy Data Sheet
The purpose of this datasheet is to provide Sophos customers with information on how our offerings affect their privacy considerations. In this document, we provide information on Sophos DNS Protection 's data handling practices, including the collection, use, and storage of personal information.
Product Summary
Sophos DNS Protection is a cloud-based service that keeps your organization safe from malicious networks and from threats that exploit the Domain Name System. The service is available as part of a Sophos Firewall Xstream Protection subscription, and as part of the Sophos Workspace Protection bundle. When purchased with Sophos Firewall you can protect entire networks - either connect to DNS Protection via the Firewall’s local DNS service, by configuring it as the default DNS server for devices on your network or by using it as a forwarder for your existing internal DNS servers. With Workspace Protection, we provide an agent for Windows endpoint devices that ensures all DNS requests from the device are securely redirected to DNS Protection, keeping users and devices protected wherever they connect from.
Information Processed by Sophos DNS Protection
Sophos DNS Protection processes the following types of information:
- Username (with Endpoint DNS Protection only)
- Endpoint device name (with Endpoint DNS Protection only)
- Public IP address of query origin
- Tenant ID
- Domain requested
- Date and time of event
- DNS response contents
- Service system events and software logs
Purpose of Information Processed by Sophos DNS Protection
Sophos DNS Protection processes personal information to enable protection through secure, policy driven DNS responses. This processing supports the following purposes (non-exhaustive):‑driven ‑exhaustive):
- Applying the correct customer-specified filtering policies to DNS responses.
- Reporting on potential risky activities within the customer’s networks.
- Investigating potential threat activity or attacks by mining historical DNS traffic data for evidence of anomalous behavior.
- Troubleshooting in situations where the product’s behavior does not match the customer’s expectations.
- Aiding innovation and improvements in the product such as advanced detection and security techniques and performance optimizations.
- Information processed by Sophos DNS Protection is available to the customer in Sophos Central.
Sophos processes the information identified above for the purpose of performing the service(s) to you in accordance with the Sophos End User Terms of Use.
Sub-processors
Data processed by Sophos DNS Protection is hosted in AWS data centers in the region(s) selected by the customer at the time of Sophos Central account creation.
DNS requests are automatically routed to our points of presence in AWS data centers in the region best located for the device or network making the requests, which may not be the region you selected for your Sophos Central account. Data collected by the points of presence are only stored temporarily before being passed to your Sophos Central region for processing and storage.
Visit our sub-processor listing to find out more about sub-processors engaged by Sophos.
Retention
Sophos applies its retention policies to delete and purge data that is no longer needed for the purpose for which the personal data was originally collected.
- Sophos DNS Protection data stored in Central for customer use is held for 90 days.
- Configuration data is retained until the service is no longer required (Not deleted)
- Diagnostic logs are stored for 30 days
Security
Sophos secures customer information by authenticating access via username and password based on managed Active Directory group membership coupled with multi-factor authentication.
Sophos data centres have achieved SOC2 Type II certification to demonstrate its strong security practices, policies and internal controls environment.
For information about the security protections used in the data centers where customer data resides, visit the AWS Security Documentation Center.
Our Commitment to Privacy
Sophos is committed to complying with data protection rules and protection of personal data processed by the Sophos DNS Protection. Sophos will access data to enhance features and services that bring benefits to the customer, and for R&D innovation of future capabilities.
Access
Customer Access
DNS Protection customers can access traffic log data through the Logs & Reports section in Sophos Central.
Customers with access to Sophos XDR can query DNS Protection data using the Live Discover functionality in Sophos Central or via APIs. The tables and fields for DNS Protection data in the Data Lake are part of the Sophos Firewall schema and are listed here.
Sophos Access
Sophos Engineering monitors telemetry for planning future roadmap strategy and requirements, product development and enhancement, troubleshooting, and generating statistics and reports.
Sophos Labs or Sophos AI teams may access data for analysis, threat detection, research purposes and continuous improvement and evolution of our products and threat detections.
Disclaimer
The information contained in this privacy data sheet may change at any time and is only meant for general awareness. This Sophos DNS Protection Data Sheet is not meant to constitute legal advice, warranty of fitness for a particular purpose or compliance with any applicable laws.
Last updated February 2026