Compliance & Trust
Privacy Policy
Last updated: January 2025
1. Introduction
DDMARC ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our DMARC analysis and email security platform.
2. Information We Collect
Account Information
- Name and email address
- Company name and contact details
- Billing information (processed securely through third-party payment processors)
- Account credentials (passwords are encrypted and never stored in plain text)
DNS and Email Data
- Domain names you add to the Service
- DNS records (DMARC, SPF, DKIM, BIMI, etc.)
- DMARC aggregate and forensic reports sent by email receivers
- IP addresses (both IPv4 and IPv6) from email authentication data
- Email sending sources and authentication results
Usage Information
- Pages visited and features used
- Browser type and version
- Device information
- IP address and geographic location
- Date and time of access
3. How We Use Your Information
- To provide and maintain the Service
- To process DMARC reports and generate analytics
- To monitor DNS records and send alerts
- To communicate with you about your account and Service updates
- To process payments and prevent fraud
- To improve and optimize the Service
- To comply with legal obligations
- To provide customer support
4. Data Sharing and Disclosure
We do not sell your personal information to third parties. We may share your information in the following circumstances:
Service Providers
We use third-party service providers to help us operate the Service, including hosting providers, payment processors, and email delivery services. These providers have access only to the information necessary to perform their functions.
White-Label Partners
If you access the Service through a white-label partner (MSP, hosting provider, agency), your information is shared with that partner as necessary to provide the Service under their brand.
Legal Requirements
We may disclose your information if required by law or in response to valid legal requests from public authorities.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption in transit (TLS/SSL) and at rest
- Regular security audits and vulnerability assessments
- Access controls and authentication requirements
- Secure data centers with physical security measures
- Employee training on data protection and privacy
- Incident response procedures
6. Data Retention
We retain your information for as long as necessary to provide the Service and comply with legal obligations. DMARC report data is retained according to your subscription plan (30 days for Free, 1 year for Starter, unlimited for Professional and MSP plans). When you close your account, we will delete or anonymize your personal information within 30 days, except where required by law to retain it longer.
7. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal information
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your information
- Portability: Request your data in a machine-readable format
- Opt-out: Unsubscribe from marketing communications
- Restriction: Request limitation on how we process your data
- Object: Object to processing of your information
To exercise these rights, contact us at privacy@ddmarc.com. We will respond within 30 days.
8. GDPR Compliance (EU Users)
If you are in the European Economic Area (EEA), we process your personal data based on the following legal bases: contract performance, legitimate interests, consent, and legal obligations. You have the right to lodge a complaint with your local data protection authority.
9. CCPA Compliance (California Users)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt-out of the sale of personal information (we do not sell personal information)
- Right to deletion of personal information
- Right to non-discrimination for exercising CCPA rights
10. Cookies and Tracking
We use cookies and similar tracking technologies to enhance your experience:
- Essential cookies: Required for the Service to function
- Analytics cookies: Help us understand how you use the Service
- Preference cookies: Remember your settings and preferences
You can control cookies through your browser settings. Disabling certain cookies may limit functionality.
11. Children's Privacy
The Service is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.
12. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses approved by the European Commission.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a prominent notice on the Service. Your continued use after changes indicates acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Email: privacy@ddmarc.com
Phone: +1 (555) 123-4567
Address: 123 Security Boulevard, San Francisco, CA 94102
Data Protection Officer: dpo@ddmarc.com
Questions about this policy?
Our compliance and security teams are available to help you understand how we handle data, meet regional regulations, and support your audit requirements.