Privacy policy built
on real respect.

1. Introduction

MailShield ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, including our website and platform.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service. By accessing and using MailShield, you acknowledge that you have read, understood, and agree to be bound by all the provisions of this Privacy Policy.

2. Information We Collect

We collect information in several ways:

2.1 Information You Provide Directly

• Account Registration: Name, email address, company name, phone number, billing address
• Billing Information: Payment method, credit card information (processed through Stripe), billing address
• Domain Information: Domain names you want to monitor, contact information for domain administrators
• Communication: Any information you provide when contacting our support team

2.2 Information Collected Automatically

• DMARC Reports: We collect and parse DMARC aggregate reports and forensic reports sent by email receivers to your domain's DMARC reporting address (rua@ and ruf@)
• DNS Records: We collect DNS record data for your domains (SPF, DKIM, DMARC, MX, TXT, CNAME records, etc.)
• Email Metadata: Information about emails sent from your domains, including source IP addresses, authentication results, headers (without message content)
• Usage Data: Pages visited, features used, login times, interactions with the Service, error reports
• Device Information: IP address, browser type, operating system, referring URL, pages visited
• Cookies and Tracking: We use cookies, local storage, and similar technologies to enhance your experience and understand usage patterns

2.3 Information from Third Parties

• Information from payment processors (Stripe) to verify transactions
• Information from authentication providers (Google OAuth)
• Publicly available WHOIS data and DNS information

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Provision: To provide, maintain, and improve the MailShield platform
• DMARC Analysis: To parse, analyze, and report on DMARC data and email authentication
• Threat Detection: To detect and prevent email spoofing, phishing, and other security threats
• DNS Monitoring: To monitor DNS record changes and alert you to potential issues
• Account Management: To manage your account, process payments, and send invoices
• Communication: To respond to your inquiries, send account notifications, and provide customer support
• Product Improvement: To analyze usage patterns and improve our Service (using anonymized data)
• Marketing: To send promotional emails and updates about new features (you can opt out)
• Legal Compliance: To comply with applicable laws, regulations, and legal requests
• Security: To prevent fraud, abuse, and unauthorized access to our Service

4. Data Retention

We retain your data as follows:

Data Type	Retention Period
Account Information	For the duration of your subscription plus 30 days after termination
DMARC Reports	Typically 2 years or as specified by your plan
DNS Records & Monitoring Data	2 years or as specified by your plan
Usage Logs	90 days (automatically deleted)
Payment Information	Retained by Stripe; we retain transaction records for 7 years for tax purposes
Security Logs	30 days (for breach investigation purposes)

You may request deletion of your account and data at any time through your account settings or by contacting us. Upon deletion, we will remove your data within 30 days, except where we are required to retain it for legal or tax purposes.

5. Data Security and Storage

We implement comprehensive security measures to protect your information:

• Encryption: All data is encrypted in transit using TLS/SSL (256-bit encryption minimum)
• Data at Rest: Sensitive data is encrypted at rest using AES-256 encryption
• Infrastructure: We use AWS or similar enterprise-grade cloud providers with SOC 2 compliance
• Access Controls: Access to customer data is restricted to authorized employees with need-to-know authorization
• Backups: We maintain encrypted backups to protect against data loss
• Network Security: Our infrastructure is protected by firewalls, intrusion detection, and DDoS protection
• Regular Audits: We perform regular security audits and penetration testing

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Third-Party Services and Integrations

Our Service integrates with third-party services. Your data may be shared with these providers as necessary to deliver the Service:

6.1 Payment Processing

Stripe — We use Stripe to process all payments. Stripe is PCI DSS compliant and does not store full credit card details on our servers. Your payment information is subject to Stripe's Privacy Policy.

6.2 Authentication

Google OAuth — You may choose to sign in using your Google account. Google handles your authentication credentials. We receive limited information (email, name) from Google.

6.3 Infrastructure and Hosting

Amazon Web Services (AWS) — We host our infrastructure on AWS. Your data is stored on AWS servers and is subject to AWS's privacy and security practices.

6.4 Communications

Email Service Providers — We use third-party email providers to send notifications, alerts, and reports. These providers are contractually obligated to protect your data.

We do not sell, trade, or rent your personal information to third parties for marketing purposes. All third-party service providers are contractually required to maintain the confidentiality and security of your data.

7. Cookies and Tracking Technologies

MailShield uses cookies and similar tracking technologies to:

• Keep you logged in to your account
• Remember your preferences
• Analyze how you use the Service
• Prevent fraud and enhance security

Types of Cookies We Use

• Essential Cookies: Required for authentication and security (you cannot opt out)
• Preference Cookies: Remember your settings and choices
• Analytics Cookies: Help us understand usage patterns

You can control cookie preferences through your browser settings. However, disabling cookies may affect the functionality of the Service. We do not use third-party analytics cookies that track you across other websites.

8. Data Sharing and Disclosure

We do not sell, trade, or share your personal information with third parties except in the following circumstances:

• Service Providers: We share data with trusted vendors who help us operate our business (payment processors, hosting providers, support tools)
• Legal Requirements: We may disclose information if required by law, court order, or government request (with notice to you when legally permissible)
• Business Transfers: If MailShield is acquired or merges with another company, your data may be transferred as part of that transaction
• Consent: We may share information with your explicit consent for specific purposes
• Aggregate Data: We may share anonymized, aggregated data for research, analytics, and reporting

We do not share your domain monitoring data with other customers or use it for purposes beyond providing the Service to you.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

9.1 European Union (GDPR)

If you are located in the EU, you have the following rights:

• Right to Access: You can request a copy of the personal data we hold about you
• Right to Rectification: You can request correction of inaccurate data
• Right to Erasure: You can request deletion of your data (right to be forgotten)
• Right to Restrict Processing: You can limit how we use your data
• Right to Data Portability: You can request your data in a portable format
• Right to Object: You can object to certain types of processing
• Right to Withdraw Consent: You can withdraw consent for data processing at any time

9.2 California (CCPA)

California residents have the right to:

• Know what personal information is collected
• Know whether personal information is sold or disclosed
• Delete personal information collected from you
• Opt-out of the sale of personal information

9.3 Other Jurisdictions

Depending on your location, you may have additional privacy rights. Please contact us to learn about your specific rights.

To exercise any of these rights, please contact us at privacy@mailshield.io with your request. We will respond within 30 days (or as required by applicable law). We may ask you to verify your identity before processing your request.

10. Data Processing and GDPR Compliance

For customers in the EU, we comply with GDPR requirements:

• We process data only as necessary to provide the Service and comply with legal obligations
• We have implemented Data Processing Agreements (DPAs) with all relevant vendors
• We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing
• We notify customers without undue delay in case of a personal data breach
• We appoint a Data Protection Officer (DPO) for certain processing activities

If you have questions about our GDPR compliance, contact our DPO at dpo@mailshield.io.

11. International Data Transfers

Your information may be processed and stored in countries outside your country of residence, including the United States and Israel. These countries may have data protection laws that differ from your home country.

When we transfer data internationally, we implement appropriate safeguards:

• Standard Contractual Clauses (SCCs)
• Your explicit consent (where applicable)
• Adequacy decisions (where applicable)

By using MailShield, you consent to the transfer of your information outside your country of residence.

12. Children's Privacy

MailShield is not intended for children under the age of 18. We do not knowingly collect information from children under 18. If we learn that we have collected personal information from a child under 18, we will delete such information promptly.

If you believe we have collected information from a child under 18, please contact us immediately at privacy@mailshield.io.

13. Marketing Communications

We may send you promotional emails and marketing communications about new features, updates, and offers. You can opt out of these communications at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your communication preferences in your account settings
• Contacting us at hello@mailshield.io

Please note that even if you opt out of marketing communications, we will still send you transactional emails related to your account (billing, security alerts, password resets, etc.).

14. Do Not Track Signals

Some browsers include a "Do Not Track" feature. Our Service does not respond to "Do Not Track" signals. However, we do not use tracking technologies for advertising across third-party websites.

15. Security Incident Notification

In the event of a security breach affecting personal data, we will notify affected users and authorities as required by applicable law. Notifications will be sent without undue delay (typically within 72 hours for GDPR-regulated data) to the email address associated with your account.

To report a security incident, contact: security@mailshield.io

16. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, and legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date.

Your continued use of MailShield following notification of changes constitutes your acceptance of the updated Privacy Policy.

17. Contact Us

If you have questions about this Privacy Policy, our privacy practices, or your privacy rights, please contact us: