Privacy Policy

Last updated: February 21, 2026

This Privacy Policy describes how DMARCguard ("we", "us", or "our") collects, uses, and shares information when you use our website at https://dmarcguard.io, our application at https://app.dmarcguard.io, and related services (collectively, the "Service").

1. Information We Collect

1.1 Information You Provide

  • Account information: When you create an account, we collect your email address and authentication credentials (or receive them via your identity provider if you use single sign-on).
  • Domain configuration: Domain names you add for monitoring, DNS records you configure, and DMARC/TLS-RPT reporting addresses.
  • Payment information: If you subscribe to a paid plan, payment processing is handled by our third-party payment processor. We do not store your full credit card number.
  • Support communications: Content of any messages you send to our support channels.

1.2 Information Collected Automatically

  • DMARC and TLS-RPT reports: Aggregate and forensic reports sent to our processing addresses on your behalf. These reports contain IP addresses, domain names, email authentication results, and metadata about email delivery.
  • Usage data: Pages visited, features used, timestamps, and interactions with the Service.
  • Device and browser information: Browser type, operating system, device type, and screen resolution.
  • IP address: Your IP address when accessing the Service, used for security and analytics purposes.

1.3 Information from Third Parties

  • Identity providers: If you sign in via a third-party identity provider (e.g., Google, GitHub), we receive your name, email address, and profile information as authorized by you.
  • IP enrichment services: We may enrich IP addresses found in DMARC reports with geolocation and reputation data from third-party services.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Process and display DMARC, SPF, DKIM, BIMI, MTA-STS, and TLS-RPT data for your domains.
  • Send you alerts, notifications, and reports you configure.
  • Generate compliance scores, trend analytics, and actionable recommendations.
  • Process payments and manage your subscription.
  • Respond to support requests and communicate about the Service.
  • Detect, prevent, and address security incidents and abuse.
  • Comply with legal obligations.

3. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

  • Service providers: With third-party vendors who assist in operating the Service (hosting, payment processing, analytics, email delivery). These providers are contractually obligated to protect your information.
  • Legal requirements: When required by law, regulation, legal process, or governmental request.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
  • With your consent: When you have given us explicit permission to share your information.

4. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS), encryption at rest, and access controls. However, no method of transmission or storage is 100% secure.

5. Cookies and Tracking

We use the following types of cookies and tracking technologies:

  • Essential cookies: Required for the Service to function (authentication, session management).
  • Analytics: We use PostHog for product analytics to understand how the Service is used. PostHog processes data in accordance with their privacy policy.

We do not use advertising cookies or sell data to advertisers.

6. Your Rights (GDPR and Applicable Law)

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Request your data in a structured, machine-readable format (CSV/JSON export is available in the Service).
  • Restriction: Request that we limit processing of your data under certain circumstances.
  • Objection: Object to processing of your data for certain purposes.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

7. Data Retention

We retain your data as follows:

  • Account data: Retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days.
  • DMARC/TLS-RPT report data: Retained according to your plan's data history limits (Community: 30 days, Pro: 1 year, Business: 2 years).
  • Logs and analytics: Retained for up to 90 days for security and debugging purposes.
  • Payment records: Retained as required by tax and accounting regulations.

8. International Data Transfers

The Service is operated from infrastructure that may be located in multiple jurisdictions. If your data is transferred outside your country of residence, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or other approved transfer mechanisms.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

DMARCguard
Email: [email protected]