Your privacy is critically important to us. This policy outlines our commitment to protecting your personal data and explains how we collect, use, and safeguard your information.
This Privacy Policy outlines the commitment of SentraDMARC ("SentraDMARC," "we," "us") to protecting the personal data of our users. SentraDMARC provides web security and compliance services, specializing in the management of DMARC policies to protect domains from common threats such as phishing and spoofing.
This policy applies to all personal data processed by SentraDMARC in its capacity as a Data Controller. This includes data collected from visitors to our website (sentradmarc.com), individuals who use our free tools like the Analyzer, registered users of our free trial and paid services, and individuals who contact us for support or other inquiries. This policy also explains our role as a Data Processor when we handle data on behalf of our clients.
In adherence with data protection best practices, including recommendations from supervisory authorities such as the French Data Protection Authority (CNIL), this policy is structured in a layered format. We provide summary tables and clear headings to allow you to quickly find the information most relevant to you. Each summary is followed by a more detailed explanation for those who require a deeper understanding. Our goal is to ensure this information is concise, transparent, intelligible, and easily accessible, in line with the principles of the General Data Protection Regulation (GDPR).
For the purposes of the GDPR and other applicable data protection laws, the Data Controller responsible for the processing activities described in this policy is:
For any questions, concerns, or requests related to your personal data and the exercise of your privacy rights, please contact us through our dedicated email: contact@sentradmarc.com. Using this dedicated address ensures that your inquiry is directed to the team responsible for data protection matters for a timely and appropriate response.
The GDPR requires the appointment of a Data Protection Officer (DPO) for organizations whose core activities consist of processing operations that require regular and systematic monitoring of data subjects on a large scale.
SentraDMARC's services involve the automated analysis of potentially millions of DMARC reports on behalf of our clients to generate security policies. These reports may contain personal data of end-users, such as IP addresses. This activity could be construed as regular and systematic monitoring on a large scale.
In recognition of these obligations and our commitment to the highest standards of data governance, SentraDMARC has conducted the necessary internal analysis. We have designated an internal team, reachable at contact@sentradmarc.com, to handle all data protection responsibilities and ensure our ongoing compliance.
To ensure this policy is clear and easy to understand, we have defined some key terms:
The distinction between "Client" and "End-RiUserLine" is fundamental to this policy, allowing for a clear explanation of our different roles and responsibilities.
SentraDMARC operates in two distinct legal capacities under the GDPR: as a Data Controller and as a Data Processor.
We act as a Data Controller for our own business purposes (website visitors and direct Clients).
We act as a Data Processor when processing Personal Data on behalf of our Clients (e.g., DMARC Reports).
Under the GDPR, every processing activity must be justified by a specific lawful basis. We primarily rely on:
| RiPulseLine | Data Categories | Purpose | Lawful Basis |
|---|---|---|---|
| Website Browsing | IP, Cookies, Device RiInformationLine | Operation & Performance | Legitimate Interest |
| Free Tools | URL, Policy Headers | Providing Analysis | Legitimate Interest |
| Account Registration | Name, Email, Password | Account Management | Contract Performance |
| Paid Services | Usage Data, Billing info | Service Delivery & Billing | Contract Performance |
| Support/Sales | Contact Details, Message | Inquiry Response | Legitimate Interest |
The Builder is a tool designed to automatically generate an optimized Policy for a Client's domain by analyzing DMARC reports. This identifies legitimate email sources to recommend secure policies.
Our automated processing does not fall under Art. 22 because:
We implement safeguards including purpose limitation (specific to each Client), data minimization through aggregation, and a rule-based engine rather than generative models.
We use cookies on sentradmarc.com for functionality, performance analysis, and marketing.
Essential for core platform functionality.
Help us analyze traffic and site behavior.
Enable enhanced personalization features.
Set by partners for relevant advertising.
We do not sell your personal data. We only share it with third-party service providers (sub-processors) who help us operate our business. The following sub-processors are authorized to process data on our behalf:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Object Storage & Edge Functions | Europe |
| OVHcloud | Dedicated Infrastructure & RiDatabaseLine Hosting | Europe |
| Stripe | Payment Processing & Billing | Global (HQ: USA) |
We prioritize keeping your data within the EEA. Core data is stored with OVHcloud in the EU. Transfers outside the EEA use recognized legal mechanisms (SCCs).
We use TLS for transit and encryption at rest. Access is restricted via need-to-know policies. We perform regular vulnerability scans and systems are backed up for resilience.
We keep data only as long as necessary for its specific purpose:
| Data Type | Retention | Justification |
|---|---|---|
| Account Data | Subscription Duration | Contractual Necessity |
| Analyzer Data | Indefinitely | Legitimate Interest |
| Violation Reports | 90 Days | Operational Necessity |
| Support Logs | Indefinitely | Quality Assurance |
You have the rights to: Information, Access, Rectification, Erasure, Restriction, Portability, and Objection.
Submit your request to contact@sentradmarc.com. We respond within one month.
Important Note: If you are an End-RiUserLine of our Client's website, you must contact the website owner (the Data Controller) directly.
Children's Privacy: Our services are not intended for individuals under 16. We do not knowingly collect personal data from children under this age.
Changes to This Policy: We may update this policy periodically. Material changes will be noted by updating the "Last updated" date above.
For all privacy-related inquiries, please contact our team at contact@sentradmarc.com.