
Security at SimpleDMARC

We handle sensitive email authentication data for organizations worldwide. Security is not a feature — it is the foundation of everything we build.

Our Security Practices

We implement defense-in-depth security across every layer of our platform, from infrastructure to application to data handling.

Encryption Everywhere

All data in transit is protected with TLS 1.3. Data at rest uses AES-256 encryption. Database connections are encrypted end-to-end.

Infrastructure Security

Our infrastructure runs on SOC 2 Type II compliant data centers with redundant power, networking, and physical security controls.

Access Controls

Strict role-based access controls with multi-factor authentication for all internal systems. Principle of least privilege enforced across all teams.

Continuous Monitoring

Real-time intrusion detection, log analysis, and anomaly detection across our entire infrastructure. 24/7 alerting for security events.

Regular Audits

Quarterly penetration testing by independent security firms. Annual security audits and compliance reviews.

Incident Response

Documented incident response procedures with defined SLAs. We notify affected customers within 72 hours of confirming a security incident.

Data Protection

SimpleDMARC processes DMARC aggregate reports, DNS records, and email authentication metadata. We do not access, store, or process email content — we only handle authentication and reporting data that is generated by mailbox providers and sent to your reporting address.

All customer data is logically isolated. Each customer's domains, reports, and configurations are strictly separated at the application and database level. Cross-tenant data access is architecturally impossible.

We retain DMARC report data for the duration specified in your plan. When you delete a domain or close your account, all associated data is permanently removed within 30 days. Backups containing deleted data are purged on a rolling 90-day cycle.

Compliance

SimpleDMARC maintains compliance with industry standards and regulations including GDPR, CCPA, SOC 2 Type II controls, and ISO 27001-aligned practices. We undergo regular external audits to verify our security posture and provide compliance documentation to enterprise customers upon request.

Responsible Disclosure

We welcome security researchers to help us identify vulnerabilities. If you discover a security issue in SimpleDMARC, please report it responsibly:

  • Email your findings to security@simpledmarc.com
  • Include a detailed description of the vulnerability and steps to reproduce
  • Allow us reasonable time to investigate and remediate before public disclosure
  • Do not access, modify, or delete data belonging to other users

We commit to acknowledging your report within 48 hours, providing regular updates on our investigation, and recognizing your contribution (with your permission) after the issue is resolved.

Questions about our security?

Reach our security team directly for any concerns or inquiries.
