We collect only what we need to run the service. We do not sell your data, share it with advertisers, or use it for any purpose other than providing DMARC Intelligence to you.
DMARC aggregate reports contain no email content. The reports we process contain only sending IP addresses, message counts, and pass/fail authentication flags. No email bodies, subject lines, or recipient addresses are ever present in this data.
You can request deletion of your data at any time by emailing info@crmbuzz.com. We respond within 30 days.
1. What We Collect
DMARC Intelligence is a B2B service. The data we collect falls into the following categories:
| Category | What It Includes | Why We Collect It |
|---|---|---|
| Account Information | Name, work email address, company name — provided by you at signup or during onboarding | To create and manage your account; to communicate with you about the service |
| Domain Data | Domain names you add to the platform, DNS records we generate, DNS validation results, DMARC policy configurations | To provide monitoring, DNS tooling, and compliance analysis for your domains |
| DMARC Report Data | Aggregate XML reports submitted by ISPs and mailbox providers: sending IP addresses, message volume counts per IP per reporting period, SPF/DKIM authentication results (pass/fail). No email content, message bodies, subject lines, or recipient addresses. | To parse, display, and analyze your domain's email authentication compliance |
| Usage Data | Pages visited within the service, diagnostic tools used, feature interactions — collected in anonymized or aggregated form | To improve the platform and understand how features are used |
| Billing Information | Payment processing is handled entirely by our payment processor. We receive only your subscription plan type, subscription status (active/cancelled), and billing period — we do not store card numbers, bank details, or full payment credentials | To manage your subscription and entitlements |
| Support Communications | Emails, messages, or other communications you send to us | To respond to and resolve your inquiries |
What DMARC aggregate reports do NOT contain. This is worth stating explicitly. DMARC aggregate reports (RFC 7489 RUA reports) are a technical protocol standard. They are structurally incapable of containing email content. There are no message bodies, no subject lines, no names of email senders or recipients, and no email addresses of individuals involved in any email exchange. The data is purely infrastructure metadata: which IP addresses sent email claiming to be from your domain, how many messages, and whether authentication checks passed or failed.
2. How We Use It
We use the data we collect for the following purposes:
- Service delivery. Parse incoming DMARC aggregate reports, run DNS validation checks, display compliance dashboards and analytics, and operate diagnostic tools on your behalf.
- Transactional communications. Send you service-related emails, including billing receipts, subscription status updates, DNS validation alerts, compliance degradation notifications, and onboarding communications. These communications are necessary to operate the service and are not optional.
- Customer support. Respond to your questions, troubleshoot issues, and resolve account problems.
- Platform improvement. Analyze anonymized or aggregated usage patterns to identify feature gaps, performance issues, and product improvements. Individual customer data is not used for this purpose in identifiable form.
- Security and fraud prevention. Monitor for unusual activity, enforce our Terms of Service, and protect the integrity of the platform.
- Legal compliance. Fulfill legal obligations, respond to lawful requests from authorities, and enforce our rights under applicable law.
What we do not do with your data:
- We do not sell your data to any third party.
- We do not share your data with advertising networks or data brokers.
- We do not use your data to target you with third-party advertising.
- We do not share your data with other customers of the Service.
- We do not use your DMARC report data to analyze, benchmark, or draw conclusions about your competitors or any third party.
- We do not train machine learning or AI models on your Customer Data without your explicit consent.
3. Data Storage & Security
Infrastructure. Customer Data is stored in a private PostgreSQL database hosted on infrastructure controlled by CRMBuzz LTD. The database is access-controlled, not exposed to the public internet, and accessible only to the application and authorized personnel.
Data isolation. Your data is logically separated from other customers' data. No Customer Data is shared between accounts, and no customer can access another customer's domains, reports, or analytics.
Encryption in transit. All communication between your browser and the Service is encrypted using TLS (HTTPS). DMARC report emails are received over encrypted IMAP connections.
Access controls. Access to customer data is restricted to CRMBuzz LTD personnel who require it to operate and support the Service. Access is reviewed and limited on a need-to-know basis.
Security practices. CRMBuzz LTD applies industry-standard security practices including application-level authentication, environment variable management for secrets, and server-side access logging. We do not store plaintext passwords.
Incident response. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law, without undue delay.
Data retention. We retain your DMARC report data and associated account information for the duration of your active subscription. Following cancellation or termination of your subscription, we retain your data for up to 30 additional days to allow for data export requests, after which it is permanently deleted. Certain records (such as billing history) may be retained longer as required by law.
No security system is impenetrable. While we employ industry-standard measures, we cannot guarantee absolute security of information transmitted over the internet.
4. Third-Party Services
To provide the Service, we interact with the following third-party services. We share only the minimum data necessary for each service's function:
| Service | Purpose | Data Shared |
|---|---|---|
| ip-api.com | IP address geolocation — used to display country-level sender heatmaps and enrich DMARC report data with geographic context | Sending IP addresses extracted from DMARC aggregate reports only. No personal data, account information, or domain names are shared. |
| Cloudflare (1.1.1.1) & Google (8.8.8.8) Public DNS | DNS record validation — used to verify your DMARC, SPF, and DKIM DNS records are correctly published and propagated | Domain names you have added to the Service. Standard DNS queries do not include account-identifying information. |
| Payment Processor | Subscription billing and payment management | Your name, email address, and billing details as required to process payment. CRMBuzz LTD receives only your plan type and subscription status in return — not your payment credentials. |
| Email Infrastructure (SMTP) | Sending transactional emails (billing notices, alerts, onboarding) | Your name and email address, and the content of transactional messages we send you. |
We do not integrate with advertising networks, social media trackers, analytics platforms (such as Google Analytics), or any third-party service that would track your behavior across other websites.
Third-party services we use are subject to their own privacy policies. We encourage you to review the privacy practices of ip-api.com and your payment processor if you have concerns.
5. Your Rights
Depending on your jurisdiction, you may have the following rights with respect to your personal data. CRMBuzz LTD honors these rights regardless of whether you are technically subject to GDPR or CCPA:
Request a copy of the personal data we hold about you, including your account information and any data associated with your subscription.
Request correction of inaccurate or incomplete personal data. You can update most account information directly within the Service.
Request deletion of your personal data and Customer Data. We will process deletion requests within 30 days. Note that deletion may require termination of your subscription.
Request an export of your Customer Data in a machine-readable format before subscription termination or deletion.
Request restriction of processing your personal data in certain circumstances, such as while we investigate a dispute.
Object to processing of your personal data for purposes other than providing the contracted Service.
To exercise any of these rights, contact us at info@crmbuzz.com with your request. We will respond within 30 days. We may ask you to verify your identity before processing the request.
GDPR (EU/EEA Residents). If you are located in the European Union or European Economic Area, you have the rights described above under the General Data Protection Regulation. The legal basis for processing your personal data is: performance of a contract (to operate the Service you subscribed to), legitimate interests (security and platform improvement), and legal obligation (compliance with applicable law). You also have the right to lodge a complaint with your local data protection authority.
CCPA (California Residents). If you are a California resident, you have the right to know what personal information we collect, the right to delete your personal information, the right to opt out of the sale of your personal information (we do not sell personal information), and the right not to be discriminated against for exercising your CCPA rights.
6. Cookies
DMARC Intelligence uses a minimal cookie footprint:
- Session cookie (required). A single session cookie is set when you log in to the Service. This cookie stores your authenticated session token and is required for the Service to function. It is a first-party, HttpOnly, Secure cookie and expires when you log out or your session times out. Without this cookie, the Service cannot authenticate you.
We do not use:
- Tracking cookies
- Analytics cookies (e.g. Google Analytics, Mixpanel, Heap)
- Advertising cookies or retargeting pixels
- Third-party social media cookies
- Persistent identifier cookies beyond the session cookie described above
The marketing pages for DMARC Intelligence (including this page) do not set any cookies. No cookie consent banner is required because no tracking cookies are in use. If this changes, we will update this policy and implement appropriate notice.
7. Children's Privacy
DMARC Intelligence is a B2B service intended for business professionals and is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us at info@crmbuzz.com and we will promptly delete it.
8. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will notify you by email to the address associated with your account at least 30 days before the changes take effect.
Non-material changes (such as clarifications, corrections, or additions to reflect new features that do not change how we handle your data) may be made without advance notice and will take effect upon posting.
The "Effective Date" at the top of this page indicates when this policy was last revised. Your continued use of the Service after the effective date of any change constitutes your acceptance of the updated policy.
9. Contact
For privacy-related inquiries, data subject requests, or questions about this policy, contact us:
CRMBuzz LTD — Privacy Inquiries
Operating DMARC Intelligence
Email: info@crmbuzz.com
Web: https://dmarc.dev.crmbuzz.com
We respond to all privacy requests within 30 days. For data deletion or export requests, please include your account email address and the nature of your request.