Privacy Policy

Last updated: September 19, 2025

Welcome to Email Inspect ("we", "us", "our"). This Privacy Policy describes how we collect, use, store, and share your personal information when you use our advanced AI-powered DMARC monitoring and email security service at https://emailinspect.com ("Service").

1. Information We Collect

  • Account Information: Email address, name, company details, password (encrypted with industry-standard hashing), billing information, and account preferences.
  • Domain and DNS Data: Domain names, DNS records (DMARC, SPF, DKIM, MX, TXT), subdomain configurations, and historical DNS changes.
  • DMARC Aggregate Reports: XML reports containing authentication results, source IP addresses, message volumes, disposition actions, and alignment data from email receivers.
  • DMARC Forensic Reports: Individual failed authentication samples including email headers, sender information, authentication failure reasons, and message metadata (without email body content).
  • TLS Reporting Data: TLS connection statistics, certificate validation results, cipher suite usage, connection success/failure rates, and STARTTLS policy compliance data.
  • AI Analysis Data: Machine learning model inputs and outputs, threat intelligence feeds, behavioral patterns, anomaly detection results, and automated security recommendations.
  • Security Intelligence: IP reputation data, sender behavior analytics, phishing indicators, domain spoofing attempts, and threat actor attribution data.
  • Usage and Performance Data: API calls, dashboard interactions, feature usage statistics, system performance metrics, and error logs.
  • Technical Data: Browser information, device details, IP addresses, geographic location data, session information, and device fingerprints.
  • Communications: Support requests, feedback, chat logs, phone calls, and automated system notifications related to security alerts and DMARC policy violations.

2. How We Use Your Information

We use your data for the following purposes:

  • To provide, maintain, and improve our AI-powered email security monitoring service.
  • To process and analyze DMARC aggregate reports, forensic data, and TLS reporting for comprehensive email security insights.
  • To train and enhance our machine learning models for threat detection, anomaly identification, and predictive security analytics.
  • To generate automated security alerts, recommendations, and compliance reports.
  • To monitor domain spoofing attempts, phishing campaigns, and unauthorized email usage.
  • To provide real-time dashboards, historical analytics, and security trend analysis.
  • To communicate critical security alerts, policy violations, and system updates.
  • To detect, prevent, and investigate security incidents, fraud, and abuse.
  • To comply with legal obligations and industry security standards.
  • To conduct research and development for advanced email security technologies.

3. Data Sharing & Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • AI/ML Service Providers: Cloud computing platforms and machine learning infrastructure providers that process data for our AI models under strict confidentiality agreements.
  • Security Intelligence Partners: Threat intelligence feeds and security research organizations for improving global email security (anonymized data only).
  • Technical Service Providers: DNS monitoring services, certificate authorities, and infrastructure providers necessary for service delivery.
  • Legal Compliance: When required by law, court orders, or to protect against security threats and fraud.
  • Emergency Situations: To prevent imminent harm to individuals or critical infrastructure security.
  • Business Transfers: In case of merger, acquisition, or asset sale, with advance notice and data protection guarantees.

4. AI and Machine Learning

Our AI-powered security features involve:

  • Automated Analysis: Machine learning models process your DMARC, forensic, and TLS data to identify threats and anomalies.
  • Predictive Security: AI algorithms analyze patterns to predict potential security incidents and policy violations.
  • Data Training: Aggregated and anonymized data may be used to improve our AI models for better threat detection across all users.
  • Human Oversight: Critical security decisions and recommendations are reviewed by security experts.
  • Model Transparency: You can request information about how our AI systems process your specific data.

5. Data Retention

We retain different types of data for varying periods based on security and compliance needs:

  • DMARC Aggregate Reports: Retained for up to 24 months for trend analysis and compliance reporting.
  • Forensic Reports: Stored for up to 12 months for security incident investigation and threat intelligence.
  • TLS Reporting Data: Maintained for 18 months to track certificate and connection security over time.
  • AI Model Data: Anonymized training data may be retained indefinitely to improve security algorithms.
  • Account Information: Retained while your account is active and for up to 7 years after closure for legal and tax purposes.
  • Security Logs: Critical security events are retained for up to 7 years for forensic and compliance purposes.

6. Data Security

We implement enterprise-grade security measures:

  • Encryption: AES-256 encryption at rest and TLS 1.3 for data in transit.
  • Access Controls: Role-based access, multi-factor authentication, and principle of least privilege.
  • Infrastructure Security: SOC 2 Type II compliant data centers with 24/7 monitoring.
  • Data Isolation: Customer data is logically separated and cannot be accessed by other users.
  • Security Audits: Regular penetration testing, vulnerability assessments, and security reviews.
  • Incident Response: Dedicated security team with 24/7 incident response capabilities.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request copies of your personal data and information about how it's processed.
  • Rectification: Request correction of inaccurate or incomplete personal data.
  • Erasure: Request deletion of your personal data (subject to legal and security requirements).
  • Portability: Receive your data in a machine-readable format for transfer to another service.
  • Restriction: Request limitation of processing under certain circumstances.
  • Objection: Object to processing based on legitimate interests or for direct marketing.
  • AI Decisions: Request human review of automated decisions that significantly affect you.

8. International Data Transfers

Your data may be processed in countries outside your country of residence. We ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs) approved by relevant data protection authorities
  • Adequacy decisions where applicable
  • Additional technical and organizational measures for data protection

9. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or prominent notice in the Service at least 30 days before the changes take effect.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: