Privacy Policy

Last updated: 2025

1. Introduction

DMARC Monitor ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our email security monitoring service at dmarcmonitor.app.

2. Information We Collect

We collect the following types of information:

Account Information

  • Email address (required for account creation and notifications)
  • Password (stored securely using industry-standard hashing)
  • Company/organization name (optional)

Domain Information

  • Domain names you add to monitor
  • DNS records (DMARC, SPF, DKIM, MX) for your domains
  • SSL certificate information

DMARC Report Data

  • DMARC aggregate reports sent to our reporting address
  • TLS-RPT reports for email encryption monitoring
  • Report metadata including source IPs, authentication results, and email volumes

Usage Data

  • Log data (IP address, browser type, pages visited)
  • Feature usage patterns to improve our service

Payment Information

We use Polar (polar.sh) as our Merchant of Record for payment processing. When you make a purchase:

  • Payment details (credit card, billing address) are collected and processed directly by Polar
  • We do not store your full credit card number on our servers
  • Polar handles all payment processing, tax calculation, invoicing, and refunds
  • Your billing information is subject to Polar's Privacy Policy

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain our email security monitoring service
  • Process and display DMARC reports in your dashboard
  • Send email alerts about security issues, DNS changes, or compliance problems
  • Generate compliance reports and analytics
  • Respond to your support requests
  • Improve our service based on usage patterns
  • Prevent fraud and abuse

4. Data Storage and Security

Your data is stored on secure servers. We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of sensitive data at rest
  • Regular security audits and updates
  • Access controls limiting who can view your data
  • Secure password hashing

5. Data Sharing

We do not sell, rent, or trade your personal information. We may share data only in these circumstances:

  • Payment processor: Polar (polar.sh) processes all payments as our Merchant of Record. They receive your billing information to complete transactions.
  • Service providers: Third-party services that help us operate (e.g., AWS for email delivery, DigitalOcean for hosting, Cloudflare for CDN) under strict confidentiality agreements
  • Legal requirements: When required by law, court order, or government request
  • Business transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)

6. Data Retention

We retain your account information as long as your account is active. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.

Report Data Retention

DMARC reports, TLS-RPT reports, and forensic reports are retained for 90 days. This rolling retention period ensures optimal performance while providing sufficient historical data for security monitoring and compliance analysis.

  • Rolling 90-day window: Reports older than 90 days are automatically deleted. New reports are continuously added, so you always have access to the most recent 90 days of data.
  • Export anytime: You can export your reports as PDF or CSV at any time to maintain your own unlimited archives.
  • Industry standard: 90-day retention is standard practice among DMARC monitoring services and provides sufficient data for most security and compliance needs.

7. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Download your data in a portable format
  • Opt-out: Unsubscribe from marketing emails (service emails cannot be opted out)

To exercise these rights, contact us at hello@dmarcmonitor.app.

8. Cookies

We use essential cookies to maintain your login session and preferences. We do not use advertising or tracking cookies. You can configure your browser to refuse cookies, but this may affect your ability to use our service.

9. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. Your continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: hello@dmarcmonitor.app