Last Updated: 3rd September 2024
At VerifyDMARC, we are committed to protecting your privacy and ensuring the security of your data. This Privacy Policy outlines how we collect, use, and protect your information when you use our services.
1. Data Collection
When you use VerifyDMARC, we collect the following information:
- Your name, email address, organisation name, and billing information.
- The names and email addresses of any additional users you add to your account.
- DMARC reports related to your email domain(s), when they are submitted to us.
- TLS reports related to your email domain(s), when they are submitted to us.
- We only collect aggregate reports (RUA reports). These may contain sender and recipient domain names but not individual sender or recipient email addresses. We only process reports for domains you have explicitly configured in our system.
- We do not collect forensic (RUF) reports, which contain specific sender and recipient information.
2. Data Usage
We use the information we collect to provide and improve our services. Specifically:
- We use your RUA reports (including both DMARC and TLS reports) to generate and display reports for your account.
- We use your account information to manage your access to our services and for communication purposes.
- We use your billing information to bill you and resolve any billing queries or disputes. We do not hold credit card information; it is held only by a third-party payment processor.
- Our team does not access your individual RUA reports, unless you report an issue or we are alerted to an issue by our monitoring systems. We may review reports that fail validation to ensure our validation logic is appropriate.
- Our legal basis for processing your data is the contract we have with you to provide our services.
- RUA reports are stored for 90 days. We may shorten or lengthen this period to optimise service performance and customer experience, but we won't store reports longer than 180 days without updating this policy first.
- We retain audit logs for security and diagnostics purposes.
3. Third-Party Sharing
We will not share your data with third parties except our sub-processors, unless we are legally required to do so. Our sub-processors are:
| Sub-Processor | Region | Function |
| --- | --- | --- |
| Amazon Web Services | European Union | Compute and Data Storage |
| Google | European Union | Data Storage |
| Kinde | European Union | Authentication |
| Stripe | European Union | Billing |
| Microsoft | Global | Customer Services |
| SMTP2GO | European Union | Account & Billing Notifications |
4. User Rights
You have the right to access your data at any time by logging into your VerifyDMARC account. You can request to close your account and delete your data by contacting us at privacy@verifydmarc.com. In the event of a data breach, we will notify you by email as soon as possible.
5. Data Security
Your DMARC data is processed and stored in the European Union on Amazon Web Services and Google Cloud. User account data is processed and stored in the European Union with Kinde. If you use Single Sign On functionality, this may be processed globally. We take appropriate measures to ensure the security of your data, including encryption in transit.
6. Cookies
VerifyDMARC does not use tracking cookies on its website or in the reporting application. We use cookies and session storage only for managing user sessions and state.
7. International Data Transfers
Because VerifyDMARC is a cloud service, your data may be transferred across borders to provide service or support, but this will always be done with encryption in transit to ensure its protection.
8. Policy Updates
We may update this privacy policy from time to time. If we make any significant changes, we will notify you by email.
9. Definitions
- RUA Reports: Aggregate reports that include both DMARC aggregate reports and TLS aggregate reports. These reports contain statistical data about email authentication results and TLS connection attempts, respectively. We only receive these reports when a domain is configured with the appropriate DNS records and only process them if you have explicitly added the domain to our system.
- DMARC: Domain-based Message Authentication, Reporting, and Conformance, an email authentication protocol, defined in RFC 7489.
- TLS: Transport Layer Security, a protocol for secure communication over a computer network.
- TLSRPT: SMTP TLS Reporting
- SMTP TLS Reporting: A mechanism for sending domains to share TLS success and failure with recipient domains, defined in RFC 8460.
10. Contact Information
If you have any questions or concerns about your privacy, please contact us at privacy@verifydmarc.com.
Changelog
- 3rd September 2024: Updated policy to include information about TLS report processing, which is new functionality being released. This does not affect existing customers who do not activate the functionality. Added definitions for RUA Reports, DMARC, TLS, and TLSRPT. Clarified that we only process reports for domains explicitly added and configured in our system.
- 12th March 2024: Initial Version