DMARC Monitor

Privacy Policy

Last updated: 15 June 2026

1. Who we are

DMARC Monitor is operated by Nörtti paikalle (business ID: 3550967-1), Helsinki, Finland ("we", "us", "our"). Our primary contact address for privacy matters is support@norttipaikalle.fi.

2. What data we collect

We collect and process the following categories of personal data:

• Account data: your email address, password (stored as a bcrypt hash), and subscription status.
• Domain data: the domain names you add to your account for DMARC monitoring.
• DMARC report data: aggregate email authentication reports sent to us by third-party mail receivers on your behalf. These reports contain IP addresses, email volume statistics, and DMARC pass/fail results.
• Payment data: billing is handled entirely by Stripe. We do not store card numbers or full payment details. We retain Stripe customer IDs and subscription status.
• Usage data: server access logs including your IP address, browser user agent, and pages visited, retained for up to 30 days for security purposes.

3. How we use your data

We use your personal data to:

• Create and maintain your account.
• Deliver the DMARC monitoring service you have subscribed to.
• Process payments via Stripe.
• Send transactional emails (account verification, password setup).
• Detect and prevent fraud or abuse.
• Comply with legal obligations.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Legal basis for processing (GDPR)

Where the GDPR applies, we process your personal data on the following legal bases:

• Contract performance (Art. 6(1)(b)): processing your account and domain data to deliver the service.
• Legitimate interests (Art. 6(1)(f)): security logging and abuse prevention.
• Legal obligation (Art. 6(1)(c)): retaining transaction records as required by Finnish law.

5. Cookies

We use a single session cookie (PHPSESSID) to keep you logged in. This cookie is strictly necessary for the service to function and does not track you across third-party sites. No analytics or advertising cookies are used.

6. Data retention

• Account data: retained for as long as your account is active. Deleted within 30 days of account closure on request.
• DMARC report data: retained indefinitely to provide historical analysis. You may request deletion at any time.
• Server logs: automatically purged after 30 days.
• Payment records: retained for 7 years as required by Finnish accounting law.

7. Your rights

Under the GDPR you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate data.
• Erase your data ("right to be forgotten"), subject to legal retention obligations.
• Restrict or object to certain processing.
• Data portability: receive your data in a machine-readable format.
• Lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi).

To exercise any of these rights, contact us at support@norttipaikalle.fi.

8. Third-party processors

• Stripe — payment processing. Stripe Privacy Policy
• Your hosting provider — server infrastructure within the EU/EEA.

9. International transfers

We primarily store and process data within the EU/EEA. Where data is transferred outside the EEA (e.g. via Stripe infrastructure), appropriate safeguards are in place under EU Standard Contractual Clauses.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated to registered users by email. The date at the top of this page always reflects the current version.

11. Contact

Questions or requests about your data: support@norttipaikalle.fi
Or use our Support page.