Privacy Policy

Last updated: February 20, 2026

At Email Watch, we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your information when you use our DMARC monitoring service.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Password (encrypted and never stored in plain text)
  • Account preferences and settings

Domain Information

To provide our DMARC monitoring service, we collect:

  • Domain names you add to your account
  • DNS records for verification purposes
  • DMARC configuration settings

DMARC Reports

We collect and process DMARC aggregate reports sent by email providers, which include:

  • Sending IP addresses
  • Email volume statistics
  • Authentication results (SPF, DKIM, DMARC pass/fail)
  • Report metadata (date ranges, reporting organization)

Important: We only collect aggregate reports (RUA). We do not collect forensic reports (RUF) which contain individual email headers or message content.

Usage Information

When you use our service, we automatically collect:

  • Log data (IP addresses, browser type, access times)
  • Feature usage and interactions (if you've enabled analytics)
  • Error and diagnostic information

Payment Information

If you subscribe to a paid plan:

  • We use Stripe for payment processing
  • We store your subscription status and plan details
  • We do not store credit card numbers or payment details (handled securely by Stripe)

2. How We Use Your Information

We use the information we collect to:

  • Provide our service: Monitor DMARC reports, detect threats, and generate insights
  • AI-powered analysis: Process your DMARC data through Google Vertex AI (Gemini models) to provide plain-English explanations and recommendations
  • Send notifications: Alert you to security threats, authentication issues, and important account updates via email
  • Improve our service: Analyze aggregate usage patterns to enhance features and performance
  • Billing and account management: Process payments and manage your subscription
  • Customer support: Respond to your questions and resolve issues
  • Legal compliance: Meet regulatory requirements and enforce our Terms of Service

3. Data Retention

We retain your data for the following periods:

  • DMARC reports: 90 days from receipt (automatically deleted afterward)
  • Account information: Until you delete your account
  • AI analysis results: 90 days or until you delete your account
  • Billing records: As required by law (typically 7 years)

4. Third-Party Services

We use the following third-party services to operate Email Watch:

Google Vertex AI

We use Google's Vertex AI (Gemini models) to analyze your DMARC data and provide AI-powered insights. Your data is processed in accordance with Google Cloud's Terms of Service and is not used to train Google's models.

Stripe

We use Stripe for payment processing. Your payment information is handled directly by Stripe and subject to Stripe's Privacy Policy.

Brevo (Email)

We use Brevo to send transactional emails (account notifications, alerts, password resets). Email delivery is subject to Brevo's Privacy Policy.

PostHog (Optional Analytics)

If you enable analytics in your settings, we use PostHog to understand how you use our service. This is optional and can be disabled at any time in your account settings. Analytics data is subject to PostHog's Privacy Policy.

Google Cloud Platform

Our infrastructure runs on Google Cloud Platform (GCP). Your data is stored in GCP's us-central1 region (Iowa, USA) and is subject to Google Cloud's Privacy Notice.

5. Data Security

We implement industry-standard security measures to protect your data:

  • All data transmitted to and from Email Watch is encrypted using TLS 1.3
  • Passwords are hashed using bcrypt
  • Database connections are encrypted
  • Access to your data is restricted to authorized personnel only
  • Regular security audits and monitoring
  • Automated backups with encryption at rest

6. Your Rights

You have the following rights regarding your personal information:

Access

You can view and download your account information and DMARC data at any time through your dashboard.

Correction

You can update your account information in your account settings.

Deletion

You can delete your account at any time. This will permanently delete:

  • Your account and profile information
  • All domains associated with your account
  • All DMARC reports and analysis data
  • Your subscription (you will not be charged again)

Note: We may retain billing records as required by law.

Export

You can export your DMARC data in standard formats (CSV, JSON) from your dashboard.

Opt-Out

You can opt out of non-essential emails and analytics tracking in your account settings. You cannot opt out of essential account notifications (security alerts, billing notices).

7. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential cookies: Required for authentication and security (cannot be disabled)
  • Analytics cookies: Track usage patterns (optional, can be disabled in settings)

We do not use advertising cookies or sell your data to third parties.

8. Data Sharing

We do not sell your personal information. We may share your data only in the following circumstances:

  • With your consent: When you explicitly authorize us to share information
  • Service providers: With third-party services listed above, only as necessary to operate our service
  • Legal requirements: When required by law, court order, or government regulation
  • Business transfers: In the event of a merger, acquisition, or sale of assets (you will be notified)
  • Security and fraud prevention: To protect our users and prevent abuse

9. Children's Privacy

Email Watch is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. International Users

Email Watch is operated from the United States. Your data is stored in GCP's us-central1 region (Iowa, USA). By using our service, you consent to the transfer and processing of your information in the United States.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the "Last updated" date at the top
  • Sending you an email notification (for significant changes)

Your continued use of Email Watch after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

  • Email: privacy@emailwatch.co
  • Mail: Charles Green, LLC
    Email Watch Privacy
    PO Box 7775
    Austin, TX 78713
    United States

Read our Terms of Service

Back to Home Start Free Trial