Xfinity Internet DNS Privacy Statement

This privacy statement explains how we handle data collected by the Domain Name Service (“DNS”) servers provided by Comcast as part of its Xfinity Internet service (the “Comcast DNS”).


A DNS server lets users easily reach websites, such as, by converting a domain name into the Internet protocol or IP address of the website. The Comcast DNS provides this capability to Xfinity Internet users unless they use a third party DNS or operate their own DNS. The Comcast DNS collects and uses the data necessary to provide DNS functions including, for example, the timestamp of each request, the DNS request itself, the requesting IP address, the DNS response, and the DNS query response time. Comcast may also record the requesting IP address and query data associated with malware and other security vulnerabilities in order to detect and mitigate network security issues and to communicate security issues to affected customers. Comcast uses this data to deliver DNS functions and to operate, manage, improve, secure, and troubleshoot the Comcast DNS and the Xfinity Internet service.


Comcast deletes any collected Comcast DNS data on a rolling twenty-four (24) hour basis. The only exceptions to this are when Comcast is investigating a security or safety issue or event involving specific DNS data, to protect against security threats, when a customer has opted-in to one of the service features that require longer retention of DNS data, or when Comcast has received valid legal process to retain specific DNS data. Comcast may store aggregated Comcast DNS statistics including, for example, frequency and volume data, for longer periods. These statistics do not include any individual user data from the Comcast DNS, and will not be combined with any other data in a manner that can identify an individual natural person.


Comcast does not use Comcast DNS data for marketing, advertising, or sales purposes, and does not sell this data to third parties for any purpose. Comcast may use third party service providers in connection with the delivery of Comcast DNS services and our Xfinity Internet service. However, we require these service providers to treat the DNS data as confidential and to use it only for the purpose of providing the services for which they have been engaged.


From time to time, Comcast may work with academic institutions and security researchers to understand DNS usage and security risks, for example, and to learn more about and contribute to DNS research for the benefit of the Internet community. In those cases, Comcast de-identifies the data before providing it and requires the institutions and researchers to enter into agreements that protect the confidentiality of the data, prohibit any attempts to re-identify the data, and limit the data’s uses to the specified research purposes.