DDMARC
Your Privacy Matters

Privacy Policy

We believe in transparency. Here's exactly how we handle your data.

Last updated: January 10, 2026View Terms of Service

Our Commitment to Privacy

At DDMARC, we take your privacy seriously. This policy explains how we collect, use, and protect your data. We are GDPR compliant and SOC 2 Type II certified.

1. Information We Collect

Information You Provide

  • Account Information: Name, email address, company name, and password
  • Payment Information: Billing address and payment details (processed by Stripe)
  • Domain Information: Domain names you register for monitoring
  • Communications: Messages when contacting support or providing feedback

Information Collected Automatically

  • DMARC Reports: Aggregate and forensic reports from email providers
  • Usage Data: Features used, time spent, and interaction patterns
  • Device Information: Browser type, OS, IP address, and device identifiers
  • Cookies: Essential and analytics cookies (see Cookie Policy below)

2. How We Use Your Information

Provide email authentication monitoring services
Process and analyze DMARC reports
Send alerts, notifications, and updates
Process payments and prevent fraud
Respond to inquiries and support requests
Analyze usage to improve our platform

3. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience. Here's a detailed breakdown of the cookies we use:

Essential Cookies

Required

Required for authentication, security, and basic functionality. Cannot be disabled.

Examples:
  • Session cookies
  • CSRF tokens
  • Authentication state
Retention:

Session / 30 days

Analytics Cookies

Optional

Help us understand how you use our platform to improve your experience.

Examples:
  • Google Analytics (_ga, _gid)
  • Page views
  • Feature usage
Retention:

Up to 2 years

Preference Cookies

Optional

Remember your settings and preferences for a better experience.

Examples:
  • Theme preference
  • Dashboard layout
  • Notification settings
Retention:

1 year

Marketing Cookies

Optional

Used for advertising and measuring campaign effectiveness. Currently not used.

Examples:
  • Not currently used
Retention:

N/A

Managing Cookie Preferences

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect platform functionality.

4. Analytics & Third-Party Services

Google Analytics 4

We use Google Analytics to understand how visitors interact with our website and platform. This helps us improve user experience and identify issues.

IP anonymization enabled
Data sharing with Google disabled
Data retention set to 14 months
Google Privacy Policy

Opt-Out Options

You can opt out of Google Analytics using:

Other Services

We also use these third-party services:

  • Stripe - Payment processing
  • Vercel - Website hosting
  • AWS - Cloud infrastructure

5. Data Sharing & Disclosure

We do not sell your personal information.

We may share data with:

Service Providers: Third parties that help operate our platform (hosting, payments, analytics)
Legal Requirements: When required by law, court order, or government request
Business Transfers: In connection with a merger, acquisition, or sale of assets
With Your Consent: When you explicitly authorize us to share information

6. Data Security

Encryption

AES-256 at rest, TLS 1.3 in transit

SOC 2 Type II

Independently audited annually

ISO 27001

Certified security management

Pen Testing

Regular security assessments

Access Control

Role-based permissions

24/7 Monitoring

Continuous security monitoring

7. Data Retention

Data TypeRetention Period
Account DataUntil account deletion
DMARC Reports7 days - 1 year (based on plan)
Billing Records7 years (legal compliance)
Server Logs90 days
Analytics Data14 months

8. Your Rights (GDPR)

If you are in the European Economic Area (EEA), UK, or California, you have the following rights:

Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your personal data
Portability: Receive data in machine-readable format
Restriction: Limit how we process your data
Object: Object to certain processing activities

To exercise these rights, contact us at privacy@ddmarc.com. We will respond within 30 days.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Data Processing Agreements with all sub-processors
  • Data residency options (US, EU, APAC) for Enterprise customers

10. Contact Us

Privacy Inquiries

privacy@ddmarc.com

Data Protection Officer

dpo@ddmarc.com

Changes to this Policy: We may update this policy periodically. We will notify you of material changes via email or through our platform. Continued use after changes constitutes acceptance.

Start protecting your domain today

Ready to secure your email?

Start monitoring your DMARC reports today. Free 14-day trial, no credit card required.

Get Started FreeContact Sales