Privacy Policy

Last Updated: December 9, 2024 | Effective Date: December 9, 2024

1. Introduction

MailSentinel ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, applications, and services (collectively, the "Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information you directly provide to us, including:

  • Account Information: Name, email address, company name, job title, and password when you create an account.
  • Billing Information: Payment card details, billing address, and transaction history (payment processing is handled by our third-party payment processor).
  • Domain Information: Domain names you register for monitoring.
  • Communication Data: Information in emails, support tickets, and other communications with us.
  • Survey and Feedback Data: Responses to surveys, feedback forms, and user research.

2.2 Information Collected Automatically

When you use the Service, we automatically collect certain information:

  • Usage Data: Pages visited, features used, actions taken, and time spent on the Service.
  • Device Information: Device type, operating system, browser type, screen resolution, and unique device identifiers.
  • Log Data: IP address, access times, referring URLs, and error logs.
  • Location Data: Approximate location based on IP address.
  • Cookies and Tracking: Information collected through cookies, pixels, and similar technologies.

2.3 DMARC Report Data

When you configure your domain to send DMARC reports to MailSentinel, we receive:

  • Aggregate reports containing statistics about emails sent using your domain
  • Forensic reports (if enabled) containing details about specific email authentication failures
  • Information about sending IP addresses, email volumes, and authentication results

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process transactions and send related information
  • Send transactional emails (account verification, password reset, alerts)
  • Send promotional communications (with your consent)
  • Respond to your comments, questions, and support requests
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues and security threats
  • Personalize and improve your experience
  • Comply with legal obligations
  • Enforce our Terms of Service

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA) or UK, we process your personal data based on the following legal grounds:

  • Contract Performance: To provide the Service you requested.
  • Legitimate Interests: For fraud prevention, security, product improvement, and marketing (where not overridden by your rights).
  • Consent: Where you have given explicit consent for specific purposes.
  • Legal Obligation: To comply with applicable laws and regulations.

5. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party vendors who perform services on our behalf, including:

  • Cloud hosting providers (infrastructure)
  • Payment processors (billing)
  • Email service providers (communications)
  • Analytics providers (usage analysis)
  • Customer support tools

5.2 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.

5.4 With Your Consent

We may share information with third parties when you explicitly consent to such sharing.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide the Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

Specific retention periods:

  • Account Data: Retained while your account is active and for 30 days after deletion.
  • DMARC Report Data: Retained according to your subscription plan (90 days to 1+ years).
  • Billing Records: Retained for 7 years for tax and legal compliance.
  • Log Data: Retained for 90 days for security and debugging purposes.
  • Analytics Data: Aggregated and anonymized data may be retained indefinitely.

7. Your Rights and Choices

7.1 Access and Portability

You have the right to access, review, and obtain a copy of your personal data. You can export your data through your account settings or by contacting us.

7.2 Correction

You can update or correct your account information through your account settings. Contact us to correct other personal data.

7.3 Deletion

You can request deletion of your account and personal data. We will delete your data within 30 days, except where retention is required by law.

7.4 Restriction and Objection

You can request that we restrict processing of your data or object to certain processing activities.

7.5 Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link or updating your preferences. Note that you will still receive transactional emails related to your account.

7.6 California Privacy Rights (CCPA)

California residents have additional rights under the CCPA, including the right to know, delete, and opt-out of sale of personal information. We do not sell personal information.

7.7 Exercising Your Rights

To exercise any of these rights, contact us at privacy@mailsentinel.io. We will respond to your request within 30 days.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Keep you logged in
  • Remember your preferences
  • Understand how you use the Service
  • Improve and personalize the Service
  • Analyze traffic and trends

Types of cookies we use:

  • Essential Cookies: Required for the Service to function.
  • Functional Cookies: Remember your preferences and settings.
  • Analytics Cookies: Help us understand usage patterns.

You can control cookies through your browser settings. See our Cookie Policy for more details.

9. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256)
  • Regular security assessments and penetration testing
  • Access controls and authentication requirements
  • Employee training on data protection
  • Incident response procedures
  • SOC 2 Type II compliance program

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with service providers
  • Compliance with applicable data protection laws

11. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly. If you believe we have collected information from a child, please contact us.

12. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. For material changes, we will provide prominent notice or direct notification.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

MailSentinel - Privacy Team

Email: privacy@mailsentinel.io

Support: support@mailsentinel.io

Website: https://mailsentinel.io

For GDPR-related inquiries, you may also contact our Data Protection Officer at dpo@mailsentinel.io.