PRIVACY POLICY

Last Updated: 31-10-2023

1. Introduction

   1. This Privacy Policy (this “Privacy Policy”) governs the processing by EasyDMARC, a Delaware corporation (“EasyDMARC”, “we”, “our”), of information from individuals including our customers, other users of our website https://easydmarc.com (“Website”) and its subdomains, our apps, and those we interact with offline. Hereinafter we refer to such individuals as “you”. This Privacy Policy comports with U.S. law. If you are a resident of the European Union (EU), please see our EU Privacy Policy, which is only valid for orders with EasyDMARC B.V. accessible here. If you are a resident of the U.S., certain state data protection laws and regulations grant you certain rights regarding your Personal Data (as defined below). For more information on such rights, please see our State-Specific Notice.

      When we use the term “Personal Data” or “Personal Information”, we refer to information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household, or as otherwise defined in the state privacy laws applicable to you (“Personal Data” or “Personal Information”).

   2. Please read this Privacy Policy carefully to understand our policies and practices regarding your Personal Information and how we will treat it. If you do not agree with our practices, your choice is not to use our Website. By accessing or using our Website, you agree to this Privacy Policy.

   3. EasyDMARC may amend this Privacy Policy at any time. In case the Privacy Policy is amended, we will make the amended Privacy Policy available to you on our Website. We will not necessarily send out a notification or an e-mail to alert you of the amendment unless we made material changes to the Privacy Policy. Please review this Privacy Policy whenever you visit the Website or when prompted when we collect Personal Information from you offline to check if there have been any changes, so that you know the terms that apply to you at that time. At the top of this Privacy Policy, you can see when this Privacy Policy has been last updated. Continued use of the Website following such changes constitutes the acceptance of those changes.

2. Processing of Personal Data

   1. We collect and process the following types of information from and about you which may include Personal Data. These include information:

      • By which you may be personally identified, such as name, e-mail address, or other details to help you with your experience;

      • Collected via our apps and aggregated in XML reports;

      • Collected through your use of our services such as the number of emails you have sent out, the sender and the recipient of the emails, and the domain from where they were sent and in certain instances information on the subject line of emails you sent out (more on this below);

      • Your IP address; and

      • Your Website usage and browser setting.

      For the avoidance of doubt, we do not have access to the content of any the emails that are sent out using our services. However, certain reports that can be generated using our services will include information on such emails’ subject lines. Hence, we strongly discourage you not to include any personal information on the subject line of any email that you sent out using our services and ensure that your employees, agents and other representatives using our services do the same. In no event shall EasyDMARC be responsible or liable for such personal information that you write on such subject lines. Subject lines are only stored if you use RUF reports, so if you do not want to store subject lines, please consider to not configure RUF and only use the RUA reports.

   2. We collect your Personal Data in different ways:

      • Directly from you: For example, by asking you to provide it to us (for example by filling out forms on our Website (e.g., registration, subscription, “contact us” forms etc.) or if you post contributions through interactive features on our Website (e.g., reviews, testimonials, social media feed, etc.); subscribe to a newsletter, respond to a survey, use live chat, open a support ticket or enter information on our Website).

      • Indirectly from you: For example, through automatic data technologies or tools (e.g., Cookies (as defined below) and other tracking technologies, including but not limited to Google Analytics), which collect certain information about your IP address, Website usage, and browser setting. For more information on the automatic tools (Cookies and scripts) we use, please see below Section about “Cookies” under Section 4.

      • From third parties: For example, through advertising networks, from service providers, data analytics providers, social media, etc.

   3. We store your Personal Data in accordance with Soc 2 audit criteria for as long as necessary to perform the purposes of processing as set forth in Section 3 of this Privacy Policy. This includes but is not limited to storing your Personal Data at least for the period necessary to enable your use of our services or our Website.

3. Purposes of Personal Data collection

   1. Personal Data is collected and processed by EasyDMARC for the following purposes:

      • Fulfilling or meeting the reason you provided the Personal Data. For example, if you disclose Personal Data to ask a question about our products or services, we will use such Personal Data to respond to your request/inquiry. If you provide your Personal Data to purchase a product or service, we will use such Personal Data to process and fulfill your orders and transactions, verify your information, or process payment.

      • Presenting our Website and its contents and interactive features to you, maintaining or servicing your accounts (e.g., we will contact you via the email address you provided to us if your password or your email address in our records has been changed), and providing customer service (including providing you with support, investigating and addressing your concerns, and monitoring and improving our responses);

      • Providing, supporting, personalizing, and developing our Website, products, and services;

      • Personalizing your Website experience and delivering to you content and product and service offerings relevant to your interests, including offers and ads through our Website, third-party sites (e.g., social media platforms), and via email or text message (with your consent, where required by applicable law), including remarketing, targeted advertising, and profiling;

      • Notifying you about changes to our Website or any products or services we offer or provide through it;

      • Auditing related to counting ad impressions, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards;

      • Helping to ensure the safety, security and integrity of our Website, products, databases, other technology assets, and business;

      • Debugging to identify and repair errors that impair existing intended functionality of our Website;

      • Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interaction with us;

      • Evaluating or conducting a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by us about our Website users is among the assets transferred;

      • Responding to law enforcement requests and as required by applicable law, court order, or governmental regulations;

      • As described to you when collecting your Personal Data;

      • For purposes you consented to.

   2. We may also contact you to further promote EasyDMARC, our Website, or any of our future services. If you do not wish to receive any such materials or information from us, please do not click the box on the Webpage when prompted. Should you wish to opt out, please do so by selecting the desired options in your EasyDMARC account or making use of the opt-out option provided to you in every email we send you.

4. Disclosure/Sale/Sharing of your Personal Data

   1. EasyDMARC discloses your Personal Data to the following third parties:

      • Service providers: We may disclose your Personal Data with service providers that provide services to enable your use of the Website and the fulfillment of the obligations of our contract (e.g., payment processors;

      • Marketing partners: We coordinate and disclose your Personal Data with our marketing partners, including advertising networks, internet service providers, data analytics providers, social networks, and marketing communication providers, in order to communicate with you about our products and services and market our products and services to you. They include Google LLC and Meta Platforms, Inc. for their remarketing and re-engagement of audiences. We make it possible to opt out of these uses through the opt-out mechanism at our State Specific Notice. You can also learn more about how to opt out of these uses by visiting the privacy policies of Google LLC and Meta Platforms, Inc. You can access those privacy policies here https://policies.google.com/privacy?hl=en-US.

      • Business partners and affiliates: We may also disclose your Personal Data with business partners or affiliates (i.e., those that promote our products and services) in order for us to assess inter alia whether such affiliates referred you to us as a client.

      • Other companies in the EasyDMARC group: We may disclose your Personal Data to companies within the EasyDMARC group to the extent necessary for us to fulfill the purposes mentioned under Section 3;

      • Business transactions or reorganizations: We may disclose your Personal Data with a third-party during negotiation of, in connection with, or as an asset in a corporate business transaction (such as a merger, acquisition, joint venture, or financing or sale of EasyDMARC assets). Your Personal Data may also be disclosed in the event of insolvency, bankruptcy, or receivership;

      • Legal representatives, government authorities, law enforcement representatives: We may disclose your Personal Data with third parties, such as legal advisors and law enforcement to comply with court orders, enforcement actions, and applicable laws, rules and regulations;

   2. We do not sell Personal Data for monetary consideration. However, the below activities may constitute as “sale” or “sharing” of Personal Data under certain state laws (e.g., California) regardless of whether an exchange of monetary consideration takes place or not:

      Cross-context Behavior Advertising; Targeted Advertising; Profiling. Cross-context behavior advertising means targeted advertising sent to you based on your Personal Data obtained from your activity across businesses, websites, applications, or services with which you intentionally interact. Profiling means any form of automated processing of Personal Data to evaluate and predict certain aspects about you. We allow certain third-party companies to place tracking technologies like cookies and pixels on our sites, which enable those companies to receive information about your activity on the Website that is associated with your browser or device. Additionally, we might actively provide third-party companies information about you so that such third-party companies may create lookalike audiences – customers likely to be interested in our offerings because they share characteristics similar to our existing customers - based on the information provided about you. These third parties may use that data to serve you more relevant ads on our Website or the websites of others, or they may create lookalike audiences with other members who share your characteristics and provide us with the opportunity to expand and target our advertising efforts to the members of the lookalike audience. Such advertising is also known as interest-based advertising (also known as online behavioral advertising), cross-context behavior advertising, profiling, or targeted advertising. We may receive from such companies discounts or certain free services (e.g., free analytical services from Google LLC, or free creation of a lookalike audience by Meta Platforms, Inc. or LinkedIn Corporation.

      The information being collected by these third-party companies may include anonymized information (e.g., click stream information, browser type, time and date, subject of advertisements clicked or scrolled over, hardware/software information, and session ID), and personally identifiable information (e.g., static IP address).

      Google Analytics, Google Ads, and Remarketing
      We use a tool called “Google Analytics”, a web analytics service provided by Google to monitor the performance of our Website and collect information on your use of our Website. You can learn more about how Google Analytics collects and processes information here: https://policies.google.com/privacy?hl=en-US; and how to opt out of being tracked by Google Analytics by following the instructions found here https://tools.google.com/dlpage/gaoptout.
      We also use Google Ads for remarketing and re-engagement of audiences which allow us to reach people who previously visited our Website. Google may use Cookies and/or device identifiers to serve you ads on various sites on the internet based on your past visits to our Website. You may opt out of the use of this Cookie by visiting Google’s Advertising and Privacy through this link: https://policies.google.com/technologies/ads or by visiting Google Ads Settings accessible through this link: https://adssettings.google.com/anonymous?hl=en. We note that we only have access to de-identified information being collected by Google through these tools [and we do not have control over such collection or processing].

      In addition to Google Analytics, we use a tool called Hotjar to better understand how you use our Website and to enable us to improve the user interface, user experience, and internal data flows.

      Do Not Track
      Some internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track”, please visit here.

      Cookies
      We use cookies and other technologies (e.g., pixels, tags) (collectively, the “Cookies”) on our Website. Cookies are text or image data files that are placed or saved on the internet browser of the user’s computer system. They contain a string of characters that enables the browser or mobile device to be uniquely identified when the user visits the Website again. The purpose of the use of Cookies is to simplify the use of the Website for the Website’s visitor. All the information collected on our Website through Cookies is anonymized and de-identified.
      On the one hand, we use technically essential Cookies which are necessary to run the Website. That means, we are not able to deactivate these Cookies. On the other hand, we use Cookies for the analysis of the behavior of the Website’s visitors on our Website to measure our reach in the market. You may prevent the use of these Cookies by selecting the appropriate setting in our browser or managing your preferences via the pop-up window prior to entering the Website. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of the Website, particularly if certain technical Cookies are deactivated.

      We use the following Cookies on the Website:

      Cookie Name	Category	Domain	Cookie Type	Cookie Expiration Date	Description
      countryCode,country_code_*	Functionality cookies	easydmarc.com	First-party	1 month 1 day	This is the visitor's initial country code detected from the IP address
      KEYCLOAK_IDENTITY	Functionality cookies	uac.easydmarc.com	First-party	Session	Stores the authenticated user's identity token. This token includes claims about the user. The cookie is usually encrypted and signed to ensure its integrity and confidentiality.
      KEYCLOAK_IDENTITY_LEGACY	Functionality cookies	uac.easydmarc.com	First-party	Session	This is similar to KEYCLOAK_IDENTITY but may be used for older versions or for backward compatibility purposes. It serves the same purpose: storing the identity token of the authenticated user.
      KEYCLOAK_SESSION	Functionality cookies	uac.easydmarc.com	First-party	Session	Used to store the user session identifier. It helps in managing the user session on the server and is essential for session expiration, logout, etc.
      KEYCLOAK_SESSION_LEGACY	Functionality cookies	uac.easydmarc.com	First-party	Session	Similar to KEYCLOAK_SESSION, used for backward compatibility and functions the same way as KEYCLOAK_SESSION.
      AUTH_SESSION_ID	Functionality cookies	uac.easydmarc.com	First-party	Session	Holds the authentication session state, which could be considered the "master" session identifier. It is often used for Single Sign-On (SSO) purposes and helps in coordinating between various client applications and authentication realms.
      app_url	Functionality cookies	uac.easydmarc.com	First-party	365 days	"Back to application" button url
      sidebar_*,active_collapse	Functionality cookies	uac.easydmarc.com	First-party	365 days	Represents the active state of a sidebar, which is stored as a cookie
      connect.sid	Functionality cookies	uac.easydmarc.com	First-party	Session	EasyDMARC application session ID
      cf_*, __cf_bm, _cfuvid,	Functionality cookies	easydmarc.com	First-party	1 year	Set by Cloudflare for security and performance optimizations. These handle DDoS protection, bot mitigation, and visitor tracking.
      _csrf	Functionality cookies	easydmarc.com	First-party	Session	Random secret value, to prevent the submit of a request which the users isn’t authenticated for
      easydmarc_cookie_consent	Functionality cookies	easydmarc.com	First-party	30 Days	Utilized to manage the display of the cookie consent banner on the website.
      easy_r	Functionality cookies	easydmarc.com	First-party	10416 days	Designed to store the HTTP referral URL for tracking the source of web traffic
      IDE, test_cookie	Targeting cookies	.doubleclick.net	Third-party	1 year	Google Doubleclick cookies for targeted advertising and tracking user interactions with ads.
      li_*, lidc, AnalyticsSyncHistory, UserMatchHistory,bcookie, ln_or	Targeting cookies	.linkedin.com	Third-party	1 month	Used for tracking, security, and targeted advertising.
      _zitok	Strictly Necessary cookies	.zoominfo.com	Third-party	30 minutes	Used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.
      YSC,VISITOR_INFO1_LIVE	Targeting cookies	.youtube.com	Third-party	Session	Set by Youtube to track views of embedded videos.
      _hj*	Strictly Necessary cookies	.easydmarc.com	Third-party	30 minutes	Hotjar can track the beginning of the user's journey for a total session count. It does not contain any identifiable information.
      _ga*, _gid	Performance cookies	.easydmarc.com	Third-party	1 year 1 month	Used by Google Analytics to persist session state.
      __hs*, hubspot*,messagesUtk	Performance cookies	.easydmarc.com	Third-party	6 months	Hubspot specific cookies
      _gcl_au	Targeting cookies	.easydmarc.com	Third-party	3 months	Used by Google AdSense for experimenting with advertisement efficiency across websites using their services
      _cl*, _uet*, MR, SM, bcookie, lidc, SRM_B	Targeting cookies	.easydmarc.com	Third-party	1 day	Microsoft Clarity and BING specific cookies

5. Security

   1. EasyDMARC is committed to securing the processing of your Personal Information, by maintaining administrative, technical and physical controls which are designed to protect your Personal Information against loss or theft, as well as against any unauthorized access, risk of loss, disclosure, copying, misuse, or modification. Therefore, we implement security measures where appropriate and applicable, such as, but not limited to:

      • Pseudonymization and encryption of Personal Information while in transfer; and

      • The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;

      • The ability to restore the availability of and access to Personal Information in a timely manner in the event of a physical or technical incident; and

      • A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures to ensure security of processing.

      The safety and security of your Personal Data also depend on you. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our Website. Any transmission of Personal Data is at your own risk. We are not responsible for any circumvention of any privacy settings or security measures contained on our Website.

6. Retention Policy (our “Retention Policy”)

   Personal Data are retained for the duration as shown in the chart below, unless you are required by applicable laws, rules, or regulations to retain your Personal Data for a longer period of time. Any Personal Data which is not included in the chart below will not be retained longer than reasonably necessary to fulfill the purpose for which it was collected.

   Because we have no access to the content of an email, we do not retain any Personal Data in relation thereto. We may, in very limited instances, need to maintain the content of subject line of certain emails.

   How long we keep Personal Data can vary widely depending on the context of the services we offer. We use the following criteria to determine the retention period: nature of the Personal Data, the context in which the Personal Data have been collected, the consequences for you and the existence of appropriate safeguards, such as pseudonymization.

   Please refer to our State-Specific Notice for situations where we are entitled to retain your Personal Information despite your request to delete.

   (Categories) of Personal Data	Retention period
   Identifiers	As long as needed to provide the services
   Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))	As long as needed to provide the services
   Commercial information	As long as needed to provide the services
   Internet or other similar network activity	30 days maximum
   Inferences drawn from any of the other Personal Information listed above to create a profile about a consumer	As long as needed to provide the services

7. Your rights

   1. We may choose or be required by the applicable state privacy laws to provide different or additional disclosures relating to the processing of Personal Information about residents of certain states. For residents of California, please review our Supplemental state-specific privacy notice accessible.

   2. Notwithstanding your state specific rights, every user of our Website may request from EasyDMARC (i) information on the Personal Data we collect from them, (ii) access to an overview of such Personal Data, (iii) to correct or delete their Personal Data by contacting us at the contact information mentioned in Section 10, and (iv) to receive the requested information on your Personal Data in a portable manner. You can make such request by contacting EasyDMARC using the contact information under Section 10 below.

   3. In order to fulfil your requests pursuant to the rights as stated above in Sections 7.1 and 7.2, we may request specific additional information from you to verify your identity. We collect and process such information for the sole purpose of enabling us to respond to your request.

   4. Please be informed that when you exercise certain rights mentioned in Sections 7.1 and 7.2 (e.g., the right to deletion), we may no longer be able to offer you the use of the Website or portions thereof (e.g., access to your EasyDMARC account may be limited).

   5. We will remove your Personal Data pursuant to our Retention Policy. Should you decide to delete your account with EasyDMARC, please note that you will lose access to the Personal Data, courses, documents and other information in your EasyDMARC Account. EasyDMARC is not under any obligation to maintain a back-up of such information and data.

8. Minors

   The Website is not meant for users under the age of 18. We are committed to protecting the privacy needs of children, and we encourage parents and guardians to take an active role in their children’s online activities and interests. We do not knowingly collect information from users under the age of 18, and do not target users under the age of 18. If we receive a valid notice through [email protected] that a user under the age of 18 has provided us with Personal Information, we will take measures to delete it as soon as possible.

9. Links to Other Sites

   The Website may, from time to time, contain links to and from the websites, plug-ins and applications of our partner networks, advertisers, affiliates or social media sites. This Privacy Policy does not apply to your access to any Personal Information practices of such third-party websites and online services, which may (or may not) have privacy policies. Please understand that EasyDMARC does not control such “linked” websites (or the content contained on such websites) and takes no responsibility for their content. It should not be implied that EasyDMARC endorses or otherwise recommends such websites, or the products or services they offer. To learn about the data privacy practices of these third parties, please visit their respective privacy notices or policies.

10. Contact Information

    To ask questions about or comment on this Privacy Policy, contact us at:

    phone: +1-888-563-5277
    Email: [email protected]
    Mailing Address: 8 The Green #7668, Dover, Delaware, 19901, United States
    Website: https://easydmarc.com/contact-us

    If you need to access this Privacy Policy in an alternative format due to having a disability, please contact [email protected] or +1-888-563-5277.