Privacy Statement

1. Introduction

This Privacy Statement explains how the DMARC Reports application collects, uses, and protects your information.

2. Information We Collect

• Authentication information: We use Microsoft Entra ID for authentication. We store your name, email address, and account identifiers as provided by Microsoft.
• Mailbox configuration: IMAP server details, usernames, and encrypted passwords for configured mail connections.
• DMARC data: Report metadata, individual record details, and raw XML content fetched from your mailboxes.

3. How We Use Your Information

Your information is used solely to provide the DMARC report aggregation service. We do not sell, share, or disclose your data to third parties.

4. Data Storage and Security

Data is stored in a secure PostgreSQL database. Mailbox passwords are encrypted using AES-256-GCM encryption. All connections use TLS encryption.

5. Data Retention

DMARC report data is retained indefinitely unless you delete your mailbox configuration, which cascades to delete all associated reports and records.

6. Your Rights

You may request deletion of your data at any time by removing your mailbox configurations. You may also contact the application administrator to request full account deletion.

7. Changes to This Statement

We may update this Privacy Statement from time to time. We will notify users of any material changes.