Privacy Policy

Last updated: February 23, 2026

At Email Watch, we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your information when you use our DMARC monitoring service.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Password (encrypted and never stored in plain text)
  • Account preferences and settings

Domain Information

To provide our DMARC monitoring service, we collect:

  • Domain names you add to your account
  • DNS records for verification purposes
  • DMARC configuration settings

DMARC Reports

We collect and process DMARC aggregate reports sent by email providers, which include:

  • Sending IP addresses
  • Email volume statistics
  • Authentication results (SPF, DKIM, DMARC pass/fail)
  • Report metadata (date ranges, reporting organization)

Important: We only collect aggregate reports (RUA). We do not collect forensic reports (RUF) which contain individual email headers or message content.

Usage Information

When you use our service, we automatically collect:

  • Log data (IP addresses, browser type, access times)
  • Feature usage and interactions (if you've enabled analytics)
  • Error and diagnostic information

Payment Information

If you subscribe to a paid plan:

  • We use Stripe for payment processing
  • We store your subscription status and plan details
  • We do not store credit card numbers or payment details (handled securely by Stripe)

2. How We Use Your Information

We use the information we collect to:

  • Provide our service: Monitor DMARC reports, detect threats, and generate insights
  • AI-powered analysis: Process your DMARC data through Google Vertex AI (Gemini models) to provide plain-English explanations and recommendations
  • Send notifications: Alert you to security threats, authentication issues, and important account updates via email
  • Improve our service: Analyze aggregate usage patterns to enhance features and performance
  • Billing and account management: Process payments and manage your subscription
  • Customer support: Respond to your questions and resolve issues
  • Legal compliance: Meet regulatory requirements and enforce our Terms of Service

3. Data Retention

We retain your data for the following specific periods:

Active Account Data

  • DMARC reports: Based on your subscription plan (Starter: 30 days, Professional: 90 days, Business: 1 year). Reports are automatically deleted after your plan's retention period.
  • Account information: Until you close your account
  • AI analysis results: Same as your plan's report retention period
  • Login and audit logs: 2 years for security monitoring

After Account Closure

When you close your account, we implement a 30-day grace period during which you can reactivate your account. After this period:

  • Personal data (email, name, settings): Permanently deleted after 30 days
  • Service data (domains, reports, analyses): Permanently deleted after 30 days
  • Authentication data (passwords, tokens): Deleted immediately upon closure

Legal Retention Requirements

The following data is retained for legal and tax compliance purposes, even after account closure:

  • Financial transaction records: 7 years (IRS audit requirements)
  • Invoices and payment history: 7 years (tax compliance)
  • Stripe customer identifiers: 7 years (chargeback dispute resolution - card networks allow disputes up to 540 days)

Pseudonymization: Financial records retained for legal purposes are pseudonymized - your name and email are deleted, and only transaction amounts, dates, and anonymized identifiers remain. These records cannot be used to identify you.

4. Third-Party Services

We use the following third-party services to operate Email Watch:

Google Vertex AI

We use Google's Vertex AI (Gemini models) to analyze your DMARC data and provide AI-powered insights. Your data is processed in accordance with Google Cloud's Terms of Service and is not used to train Google's models.

Stripe

We use Stripe for payment processing. Your payment information is handled directly by Stripe and subject to Stripe's Privacy Policy.

Brevo (Email)

We use Brevo to send transactional emails (account notifications, alerts, password resets). Email delivery is subject to Brevo's Privacy Policy.

PostHog (Analytics)

We use PostHog to understand how our service is used and to improve the user experience. Analytics data helps us identify issues and prioritize features. This data is subject to PostHog's Privacy Policy.

Google Cloud Platform

Our infrastructure runs on Google Cloud Platform (GCP). Your data is stored in GCP's us-central1 region (Iowa, USA) and is subject to Google Cloud's Privacy Notice.

5. Data Security

We implement industry-standard security measures to protect your data:

  • All data transmitted to and from Email Watch is encrypted using TLS 1.3
  • Passwords are hashed using bcrypt
  • Database connections are encrypted
  • Access to your data is restricted to authorized personnel only
  • Regular security audits and monitoring
  • Automated backups with encryption at rest

6. Your Rights

You have the following rights regarding your personal information:

Access

You can view and download your account information and DMARC data at any time through your dashboard.

Correction

You can update your account information in your account settings.

Account Closure (Right to Erasure)

You can close your account at any time from your account settings. Here's what happens:

  1. Immediate: Your account is deactivated and you cannot log in
  2. 30-day grace period: Your data is retained but inaccessible. You can reactivate by contacting support.
  3. After 30 days: Personal data is permanently deleted; financial records are pseudonymized and retained for 7 years per legal requirements.

We will send you confirmation emails at each stage of this process.

Data Export (Right to Portability)

Before closing your account, you can export all your data in machine-readable formats:

  • Available formats: JSON (structured) and CSV (spreadsheet-compatible)
  • Includes: Profile information, domain configurations, DMARC reports, AI analysis results, and billing history
  • Availability: Export link remains valid for 7 days after generation

You can request a data export from your account settings or during the account closure process.

Opt-Out

You can opt out of non-essential emails and analytics tracking in your account settings. You cannot opt out of essential account notifications (security alerts, billing notices).

7. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential cookies: Required for authentication and security (cannot be disabled)
  • Analytics cookies: Track usage patterns (optional, can be disabled in settings)

We do not use advertising cookies or sell your data to third parties.

8. Data Sharing

We do not sell your personal information. We may share your data only in the following circumstances:

  • With your consent: When you explicitly authorize us to share information
  • Service providers: With third-party services listed above, only as necessary to operate our service
  • Legal requirements: When required by law, court order, or government regulation
  • Business transfers: In the event of a merger, acquisition, or sale of assets (you will be notified)
  • Security and fraud prevention: To protect our users and prevent abuse

9. Children's Privacy

Email Watch is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. International Users

Email Watch is operated from the United States. Your data is stored in GCP's us-central1 region (Iowa, USA). By using our service, you consent to the transfer and processing of your information in the United States.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the "Last updated" date at the top
  • Sending you an email notification (for significant changes)

Your continued use of Email Watch after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

  • Email: privacy@emailwatch.co
  • Mail: Charles Green, LLC
    Email Watch
    1111B S Governors Ave STE 21617
    Dover, DE 19904
    United States