SenderGuard

Privacy Policy

Last updated: 2025-12-10

SenderGuard provides read‑only email sending compliance checks. We collect the minimum data necessary to compute SPF/DKIM/DMARC status, alignment, and List‑Unsubscribe headers, and to generate a verifiable “Proof‑of‑Scan.” We do not store email bodies at any time.

What we collect

  • DNS records required for SPF/DMARC (TXT under the relevant hostnames)
  • Authentication‑Results and addressing headers when you upload a sample .eml (headers only)
  • Scan metadata: domain, timestamps, score, suggestions, normalized JSON, scanId, sha256, and rulepackVersion
  • Operational logs and events (performance metrics, queue timings), without secrets or email body content

How we use data

  • To compute your compliance score and recommendations
  • To generate and serve a verifiable Proof‑of‑Scan (stable JSON + sha256)
  • To send alerts when material changes or regressions are detected (if enabled)
  • To operate, secure, and improve the service (aggregated metrics)

Retention

  • Normalized scan JSON: 90 days
  • PDF reports: 30 days (signed, time‑limited links)
  • Proof records (scanId+sha256): up to 12 months to enable later verification
  • Uploaded .eml: deleted immediately after header parsing; bodies never stored

Security

  • Transport encryption (HTTPS); signed download URLs (HMAC + expiry)
  • Least‑privilege access and environment‑level secrets management
  • Abuse controls and rate limits on public endpoints

Subprocessors & transfers

We use a small set of vetted infrastructure providers to deliver the service. Detailed subprocessor information is available on request. Data is hosted in our stated region unless you configure otherwise. We do not sell personal data.

Your rights

You can request export or deletion of organization data from Settings. For privacy inquiries, contact joseph.zheng97@outlook.com.

Contact

Website: https://senderguard.infsols.com
Email: joseph.zheng97@outlook.com