Last updated: 2025
DMARC Monitor is committed to protecting the privacy and data rights of users in the European Union and European Economic Area. We comply with the General Data Protection Regulation (GDPR) and treat data protection as a fundamental right.
We process your personal data based on the following legal grounds:
As a data subject in the EU/EEA, you have the following rights:
You can request a copy of the personal data we hold about you. We will provide this information free of charge within 30 days of your request.
If your personal data is inaccurate or incomplete, you have the right to have it corrected. You can update most information directly in your account settings.
You can request deletion of your personal data. We will delete your data unless we have a legal obligation to retain it. Account deletion can be requested through settings or by contacting us.
You can request that we limit how we process your data in certain circumstances, such as when you contest the accuracy of the data.
You can request your data in a structured, commonly used, machine-readable format (such as JSON or CSV) to transfer to another service.
You can object to processing based on legitimate interests. We will stop processing unless we have compelling legitimate grounds.
Where processing is based on consent, you can withdraw that consent at any time without affecting the lawfulness of prior processing.
We collect and process the following categories of personal data:
| Data Category | Purpose | Retention |
|---|---|---|
| Email address | Account management, notifications | Until account deletion |
| Domain names | Service provision | Until account deletion |
| DMARC reports | Email security monitoring | 12 months |
| IP addresses (in reports) | Email source identification | 12 months |
| Usage logs | Security, service improvement | 90 days |
Your data may be processed on servers located outside the EU/EEA. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or other valid transfer mechanisms.
We implement technical and organizational measures to protect your data:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.
To exercise any of your GDPR rights, contact us at:
Email: hello@dmarcmonitor.app
We will respond to your request within 30 days. If we need more time (up to 60 additional days for complex requests), we will inform you of the delay and the reasons.
We may ask you to verify your identity before processing your request to ensure the security of your data.
If you believe we have not handled your data properly, you have the right to lodge a complaint with a supervisory authority in your EU/EEA member state. We encourage you to contact us first so we can address your concerns.
For data protection inquiries, you can reach us at hello@dmarcmonitor.app.
We may update this GDPR information as regulations evolve or our practices change. Significant changes will be communicated via email or website notice.