Privacy Policy for VerifyDMARC
Last Updated: 12th March 2024
At VerifyDMARC, we are committed to protecting your privacy and ensuring the security of your data. This Privacy Policy outlines how we collect, use, and protect your information when you use our services.
1. Data Collection
When you use VerifyDMARC, we collect the following information:
- Your name, email address, organisation name, and billing information.
- The names and email addresses of any additional users you add to your account.
- DMARC reports related to your email domain(s).
- We only collect aggregate (RUA) reports, these contain sender and (sometimes) recipient domain names but not individual sender or recipient email addresses.
- We do not collect forensic (RUF) reports, these contain specific sender and recipient information.
2. Data Usage
We use the information we collect to provide and improve our services. Specifically:
- We use your DMARC reports to generate and display reports for your account.
- We use your account information to manage your access to our services and for communication purposes.
- We use your billing information to bill you and resolve any billing queries or disputes. We do not hold credit card information, and this is held only with a third-party payment processor.
- Our team does not access your individual DMARC reports, unless you report an issue or we are alerted to an issue by our monitoring systems. We may review reports that fail validation to ensure our validation logic is appropriate.
- Our legal basis for processing your data is the contract we have with you to provide our services.
- DMARC reports are stored for 90 days. We may shorten or lengthen this period to optimise service performance and customer experience, but we won’t store reports longer than 180 days without updating this policy first.
- We retain audit logs for security and diagnostics purposes.
3. Third-Party Sharing
We will not share your data with third parties except our sub-processors, unless we are legally required to do so. Our sub-processors are:
|
Amazon Web Services | European Union | Compute and Data Storage |
Google | European Union | Data Storage |
Kinde | European Union | Authentication |
Stripe | European Union | Billing |
Microsoft | Global | Customer Services |
SMTP2GO | European Union | Account & Billing Notifications |
4. User Rights
You have the right to access your data at any time by logging into your VerifyDMARC account. You can request to close your account and delete your data by contacting us at
privacy@verifydmarc.com. In the event of a data breach, we will notify you by email as soon as possible.
5. Data Security
Your DMARC data is processed and stored in the European Union on Amazon Web Services and Google Cloud. User account data is processed and stored in the European Union with Kinde. If you use Single Sign On functionality, this may be processed globally. We take appropriate measures to ensure the security of your data, including encryption in transit.
6. Cookies
VerifyDMARC does not use tracking cookies on its website or in the reporting application. We use cookies and session storage only for managing user sessions and state.
7. International Data Transfers
As a cloud service, your data may be transferred across borders to provide service or support, but it will always be done so with encryption in transit to ensure its protection.
8. Policy Updates
We may update this privacy policy from time to time. If we make any significant changes, we will notify you by email.
9. Contact Information