This Privacy Policy describes how DMARCwise (“we”, “us”, or “our”) collects, uses, and shares your personal data when you use our DMARC monitoring service (“Service”). We are committed to protecting your privacy and ensuring the security of your personal information in compliance with applicable data protection laws.

This policy has been drafted in accordance with:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR)
  • The Italian Privacy Code (Legislative Decree 30 June 2003 n. 196)
  • Guidelines of the Italian Privacy Guarantor, including the Guidelines for combating spam issued on July 4, 2013

Data Controller

DMARCwise is the Data Controller for the personal data processed as described in this policy.

Email: support@dmarcwise.io

VAT number: IT02632420226

Business name: TrackBot di Matteo Contrini

Country: Italy

Chamber of Commerce of Trento: REA TN-246397

Types of Data Collected and Purposes of Processing

Account Information

  • Data collected: Email address, name, and other essential details necessary for account creation.
  • Purpose: To create and manage your account, provide our services, and communicate with you.
  • Legal basis: Performance of a contract (Article 6(1)(b) GDPR).
  • Retention period: For the duration of your account with us.

Technical Information

  • Data collected: IP address, user agent, JA4 fingerprint.
  • Purpose: Technical purposes, like temporary logging for debugging and protection from cybersecurity threats.
  • Legal basis: Legitimate interests (Article 6(1)(f) GDPR).
  • Retention period: 1 month, or more in case of a cybersecurity incident.

DMARC Diagnosis Data

  • Data collected: Full email content submitted for DMARC diagnosis.
  • Purpose: To provide the DMARC diagnosis service and improve our service.
  • Legal basis:
    • For account holders: Performance of a contract (Article 6(1)(b) GDPR).
    • For non-account holders: Legitimate interests (Article 6(1)(f) GDPR) based on the implied consent and expectation of processing when submitting an email for diagnosis.
  • Retention period:
    • For account holders: Indefinitely, or until account closure.
    • For non-account holders: 1 month, ore more in specific and limited cases (e.g. debugging purposes).

Website Analytics

  • Data collected: Anonymous, aggregated metrics such as page views, session duration, and user flow.
  • Purpose: To improve website performance and user experience.
  • Legal basis: Legitimate interests (Article 6(1)(f) GDPR).
  • Retention period: 1 year.

Payment Processing

Payments are processed by Paddle, which acts as an independent Data Controller for payment information. We do not store payment information or customers addresses. For information about how Paddle processes your data, please visit Paddle Privacy Policy.

Legitimate Interests and Your Rights

In cases where the legal basis for processing is legitimate interest, we ensure that our legitimate interest does not override your rights and freedoms. We carefully balance our interests against your privacy rights. You can read more about your rights in the dedicated section of this policy.

Disclosure of Personal Data

To provide the service, we use some third-party companies and IT tools, which have been appropriately appointed as data processors pursuant to Art. 28 GDPR. For example, we rely on an external service to host the database where your data is stored.

The data is not otherwise transferred or communicated to third parties, except in cases where this is necessary to comply with legal obligations or to follow up on requests from authorities.

Your personal data may be transferred outside the European Union. In any case, the transfer will only take place to countries that guarantee an adequate level of protection, as established by the European Commission.

Data Subject Rights

Under the GDPR, you have the following rights:

  • You can request access to your personal data, their rectification, and their portability at any time.
  • You can request the deletion of your personal data, the restriction of processing, or object to the processing at any time.

To exercise your rights, you can contact us via email without any particular formalities.

We will respond to your request as soon as possible and in accordance with applicable law. Please note that in some cases, we may need to verify your identity to process your request.

If you are unsatisfied with our response, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

Data security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, access controls, and regular security assessments.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date.

If there are significant changes to this Privacy Policy, we will notify you via email or through our service.

Last updated: 2024-08-26