Privacy Policy

1. Information We Collect

DMARCfix collects the following information to provide our email security monitoring service:

• Domain names you submit for scanning. These are used to query publicly available DNS records (DMARC, SPF, DKIM, MX, MTA-STS, BIMI).
• Email address provided at purchase for delivering scan reports, setup guides, and monitoring alerts.
• Payment information processed securely by Stripe. We store only Stripe customer IDs and payment intent IDs for reference — we never store credit card numbers, CVVs, or expiration dates on our servers.
• Scan results including security scores, DNS record findings, and risk assessments for purchased domains.
• Usage data such as pages visited and scan requests, collected via anonymized analytics.

2. How We Use Your Information

• To perform DNS record scans on domains you provide
• To generate and deliver security reports and setup guides
• To send monitoring alerts when your domain's security status changes
• To process payments through Stripe
• To improve our service and fix technical issues

3. What We Do NOT Collect

• We do not read, intercept, or access your emails
• We do not access your DNS management panel or modify your DNS records
• We do not store your credit card information (handled entirely by Stripe)
• We do not sell or share your personal information with third parties for marketing purposes

4. DNS Scanning

Our scanning service queries publicly available DNS records using standard DNS resolution protocols. This is the same information available to anyone using tools like dig or nslookup. We do not perform any intrusive testing, penetration testing, or access any non-public systems.

5. Data Retention

We retain your data for the minimum period necessary to provide our services:

• Purchase records (domain, plan, email, Stripe IDs): Retained for 3 years from the date of purchase for accounting and legal compliance purposes.
• Paid scan results: Retained for the duration of your monitoring period (30 days for Protect, 1 year for Brokerage) plus an additional 90 days for historical comparison. After this period, scan data is automatically deleted.
• Free scan results (from the landing page): Retained for 90 days for analytics purposes, then automatically deleted.
• Monitoring logs: Retained for the duration of your monitoring period, then deleted within 30 days.
• Badge status data: Retained for 1 year from purchase date (badge validity period).

5a. Data Deletion

You may request deletion of your personal data at any time by emailing [email protected] with the subject line "Data Deletion Request" and including the domain name(s) and email address associated with your purchase. We will process deletion requests within 30 business days. Please note that we may retain certain data as required by law (e.g., financial transaction records for tax compliance).

6. Third-Party Services

• Stripe — Payment processing. See Stripe's Privacy Policy.
• Google DNS-over-HTTPS — Primary DNS record resolution. See Google's DNS Privacy Policy.
• Cloudflare DNS-over-HTTPS — Fallback DNS resolution when Google DNS is unavailable. See Cloudflare's Privacy Policy.

7. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us at the email address below. If you are located in the European Economic Area, you have additional rights under the GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority.

8. Security

We implement industry-standard security measures to protect your information, including HTTPS encryption for all data in transit and secure storage practices for data at rest.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related inquiries, please contact us at: [email protected]