GDPR Compliance Policy
1. Introduction
InstantDMARC is committed to ensuring the privacy and protection of personal data in strict compliance with the General Data Protection Regulation (GDPR).
As a provider of automated 1-click email authentication services, InstantDMARC operates primarily within the scope of DNS protocols, processing DMARC aggregate reports, SPF records and lookups, and TLS-RPT data.
This policy outlines InstantDMARC’s approach to GDPR compliance, detailing how we maintain the security, privacy, and integrity of our customers' data while operating across international markets, including the European Economic Area (EEA).
2. Scope
This policy applies to all InstantDMARC services, infrastructure, and operations involving:
Email Authentication Protocols: DMARC, SPF, DKIM, and TLS-RPT.
Publicly Available Information: DNS records and zone data for email domains.
Reporting and Analysis: DMARC aggregate reports (RUA) and email delivery insights.
Account Administration: Data required to process one-time service fees and manage B2B customer accounts.
3. Data Protection Principles
InstantDMARC adheres to the core principles of the GDPR:
Lawfulness, Fairness, and Transparency:
We process data legally and maintain transparency in our data flows.
Purpose Limitation:
Data is used strictly for facilitating 1-click DNS automation, analyzing email authentication, and account billing.
Data Minimization:
We only collect and process the data absolutely necessary to fulfill our service objectives.
Accuracy:
We monitor our systems to ensure public DNS records and diagnostic reports are accurately reflected in our dashboard.
Storage Limitation:
Customer and diagnostic data are retained only as long as required to provide our services or meet legal tax/compliance obligations.
Integrity and Confidentiality:
We implement robust cryptographic and access-control measures to protect data against unauthorized processing.
4. Personal Data Handling
InstantDMARC distinguishes between Account Data and Service Data:
Service Data (Core Services):
InstantDMARC does not process personal data as part of its core DNS automation services.
We interact exclusively with publicly available DNS information and aggregated metadata (e.g., DMARC aggregate reports, which carry per-source-IP message counts and authentication results rather than message content, and SPF alignment results).
We do not request DMARC failure/forensic (RUF) reports, which can contain copies of message headers and therefore personally identifiable information (PII).
Account Data (Billing & Admin):
We process limited personal data (such as names, business email addresses, and payment information) strictly for the purpose of executing the one-time fee transaction, providing technical support, and fulfilling our contractual obligations.
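The distinction above between aggregate (RUA) and failure (RUF) reporting is something an operator can verify mechanically: a DMARC record that requests only aggregate reports carries a rua= tag and no ruf= tag, and an aggregate report itself contains only per-source-IP counts and pass/fail results. The following is an added example, not InstantDMARC's own code; the DMARC records, the domain names and the aggregate report XML are constructed sample data, and the element names follow the RFC 7489 Appendix C report schema.

```python
"""Check a DMARC record's reporting posture and summarize an aggregate report.

Added example, not the provider's code. All records, domains and the XML
report below are constructed samples.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

# Constructed sample: a DMARC TXT record that requests only aggregate (RUA) reports.
DMARC_RUA_ONLY = "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; adkim=s; aspf=r"
# Constructed sample: the same policy but also requesting failure (RUF) reports.
DMARC_WITH_RUF = ("v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; "
                  "ruf=mailto:forensic@example.com; fo=1")

# Constructed sample: a minimal RFC 7489 aggregate report with two source rows.
SAMPLE_RUA_XML = """<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>12345</report_id>
    <date_range><begin>1700000000</begin><end>1700086400</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain><p>quarantine</p><adkim>s</adkim><aspf>r</aspf>
  </policy_published>
  <record>
    <row>
      <source_ip>192.0.2.10</source_ip>
      <count>42</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row>
      <source_ip>198.51.100.7</source_ip>
      <count>3</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>
"""


def parse_dmarc_record(txt: str) -> Dict[str, str]:
    """Split a DMARC TXT record into its tag=value pairs (RFC 7489 section 6.4)."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        name, _, value = part.partition("=")
        tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record: missing v=DMARC1")
    return tags


def requests_forensic_reports(txt: str) -> bool:
    """True if the record asks receivers for failure (RUF) reports, which can
    carry message headers and therefore personal data."""
    return "ruf" in parse_dmarc_record(txt)


def summarize_aggregate_report(xml_text: str) -> List[Tuple[str, int, str, str, str]]:
    """Return (source_ip, count, disposition, dkim, spf) for each row.

    Note what is absent from an aggregate report: no recipient addresses,
    subjects or bodies. The only per-sender datum is the sending server's IP."""
    root = ET.fromstring(xml_text)
    rows: List[Tuple[str, int, str, str, str]] = []
    for rec in root.iter("record"):
        row = rec.find("row")
        pe = row.find("policy_evaluated")
        rows.append((
            row.findtext("source_ip"),
            int(row.findtext("count")),
            pe.findtext("disposition"),
            pe.findtext("dkim"),
            pe.findtext("spf"),
        ))
    return rows


if __name__ == "__main__":
    for rec in (DMARC_RUA_ONLY, DMARC_WITH_RUF):
        print(rec, "-> requests RUF:", requests_forensic_reports(rec))
    for row in summarize_aggregate_report(SAMPLE_RUA_XML):
        print(row)
```

Running the block prints False for the RUA-only record and True for the record with a ruf= tag, then the two summary rows; the second row (3 messages from 198.51.100.7 that failed both DKIM and SPF and were quarantined) is the kind of signal a dashboard builds trends from without ever seeing a message header.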
5. Data Subject Rights
In accordance with the GDPR, InstantDMARC guarantees the following rights to individuals regarding their personal data:
Right of Access and Rectification:
Customers can request confirmation of whether and how their personal data is processed, obtain a copy of it, and request corrections to inaccurate account details.
Right to Erasure (Right to be Forgotten):
Customers may request the deletion of their personal account data, provided it does not conflict with our legal obligation to retain financial transaction records.
Right to Restriction and Objection:
Customers can request a temporary halt on data processing or object to specific uses (such as marketing communications).
Right to Data Portability:
Upon request, we will provide an export of the user's account and configuration data in a structured, commonly used format.
6. International Data Transfers
To provide our global 1-click automation service, InstantDMARC utilizes cloud infrastructure that may process data outside of the European Economic Area (EEA).
All international data transfers are protected by recognized GDPR transfer mechanisms, including standard contractual clauses (SCCs) and adherence to the EU-U.S. Data Privacy Framework (DPF) via our sub-processors.
7. Security Measures
Data Encryption:
All data transmitted between the customer, our platform, and third-party DNS APIs is encrypted using TLS 1.2 or higher.
Access Controls:
Strict, role-based access controls (RBAC) ensure that only authorized engineering and support personnel can access operational data.
API Security:
Our 1-click Domain Connect and API integrations use token-based authorization (OAuth2), so we never need to store your domain registrar or DNS provider passwords.
Audit Logs:
We maintain detailed, immutable logs to track system access, API calls, and DNS record modifications.
8. Data Retention Policy
DMARC/TLS Reports:
Aggregate metadata and reports are retained for up to 12 months to allow customers to view historical trends on their dashboard.
DNS Logs:
Short-term diagnostic logs generated during the 1-click setup process are retained for up to 90 days for troubleshooting purposes.
Account/Billing Data:
Financial transaction records for our one-time fee are retained for the legally mandated period (typically 5–7 years) for tax and accounting compliance.
9. Third-Party Vendors (Sub-Processors)
InstantDMARC engages strictly vetted third-party vendors (such as payment gateways and cloud hosting providers) to deliver our services.
We ensure that Data Processing Agreements (DPAs) compliant with Article 28 of the GDPR are in place with all sub-processors.
We maintain a list of our active sub-processors and will notify customers of material changes.
10. Roles and Responsibilities
Data Privacy Contact:
InstantDMARC maintains a dedicated privacy team responsible for overseeing GDPR compliance, conducting impact assessments, and serving as the primary point of contact for data subjects and supervisory authorities.
Employee Training:
All personnel involved in the development or administration of InstantDMARC undergo training on data protection and privacy-by-design principles.
11. Monitoring and Auditing
We conduct regular internal reviews of our system architecture, data flows, and third-party API connections to ensure ongoing GDPR compliance and to identify and mitigate potential security risks proactively.
12. Conclusion and Contact Information
InstantDMARC is dedicated to maintaining GDPR compliance through transparent operations, secure automation, and strict adherence to regulatory requirements.
By limiting our scope to metadata and publicly available DNS information, we ensure your data is handled responsibly.
For inquiries, data subject requests, or to contact our privacy team, please reach out to:
Email: security@instantdmarc.com
Website: https://instantdmarc.com