Privacy Policy

1. Information We Collect

We collect information you provide directly and information generated through your use of our services:

Account Information

When you create an account, we collect your name, email address, company name, and billing information. If you sign up through a third-party provider (such as Google or GitHub), we receive your name and email address from that provider.

Domain and Email Data

To provide our email authentication services, we process DMARC aggregate reports, SPF records, DKIM records, and related DNS data for domains you register with our platform. These reports contain IP addresses, email volume counts, and authentication results — they do not contain email content or message bodies.

Usage Data

We automatically collect information about how you interact with our services, including pages visited, features used, browser type, device information, and IP address. We use cookies and similar technologies for analytics and to maintain your session.

2. How We Use Your Information

We use the data we collect for the following purposes:

• Service delivery — To provide, maintain, and improve our email authentication monitoring and reporting services.
• Communication — To send you service updates, security alerts, DMARC report summaries, and respond to support requests.
• Security — To detect and prevent fraud, abuse, and security threats to our platform and your domains.
• Analytics — To understand how our services are used and to improve the user experience.
• Billing — To process payments and manage your subscription.
• Legal compliance — To comply with applicable laws and respond to lawful requests from authorities.

3. Data Sharing and Disclosure

We do not sell your personal data. We share information only in these circumstances:

• Service providers — With trusted third parties who assist us in operating our platform (hosting, payment processing, email delivery), bound by confidentiality agreements.
• Legal requirements — When required by law, subpoena, or court order, or to protect the rights, property, or safety of SimpleDMARC, our users, or the public.
• Business transfers — In connection with a merger, acquisition, or sale of assets, with prior notice to affected users.

4. Data Retention

We retain your account data for as long as your account is active. DMARC report data is retained for the duration specified in your plan (typically 12 months). When you delete your account, we remove your personal data within 30 days, except where retention is required by law.

5. Your Rights

Depending on your location, you may have the right to access, correct, delete, or export your personal data. You can also object to certain processing activities or withdraw consent where applicable. To exercise these rights, contact us at privacy@simpledmarc.com.

6. Security Measures

We protect your data using industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, and regular security audits. For more details, see our Security page.

7. International Data Transfers

SimpleDMARC operates globally. Your data may be processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place for all international transfers, including Standard Contractual Clauses where required.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on our website at least 30 days before the changes take effect.