Privacy Policy

Effective date: June 16, 2026

This policy describes how Email Posture ("we", "us") collects and uses information when you use the Email Posture website and monitoring service (the "Service").

What we collect

• Domain names you check. The free checker queries public DNS records for the domain you enter. One-off checks are not stored or tied to your identity.
• Monitoring subscriptions. If you subscribe to monitoring we store your email address, the monitored domain, verification status, and the results of periodic checks (scores, grades, and record statuses) so we can alert you to changes.
• Payment information. Payments are processed by Stripe. We never see or store your card details — we store only a Stripe customer reference and your subscription status.
• Operational data. IP addresses are used transiently for rate limiting and abuse prevention, and appear in standard server logs retained by our hosting provider.

What we don't do

• No advertising, no tracking cookies, no analytics identifiers. The only thing stored in your browser is your light/dark theme preference.
• We never sell or rent personal information.
• We don't send marketing email — only the transactional messages the Service requires (confirmation, verification, alerts).

How we use your information

To run the checks you request, deliver the alerts you subscribed to, process payment, prevent abuse, and comply with legal obligations. The legal bases (where GDPR applies) are performance of a contract and our legitimate interest in securing the Service.

Service providers

We share data only with the processors needed to operate the Service: Vercel (hosting), Neon (database), Resend (email delivery), and Stripe (payments). DNS lookups are performed against Google and Cloudflare public DNS-over-HTTPS resolvers; those queries contain the domain being checked, never your identity.

Retention and deletion

Unconfirmed signups are deleted automatically after 7 days. When you unsubscribe, alerts and billing stop immediately. To have your subscription data deleted entirely, email us at support@emailposture.com from the subscribed address and we'll remove it within 30 days, subject to records we must keep (e.g. invoices).

Your rights

Depending on where you live you may have rights to access, correct, export, or delete your personal data, and to object to processing. Contact us at support@emailposture.com and we'll respond within 30 days.

Security

All traffic is encrypted in transit (TLS/HSTS). Manage-link tokens are stored only as cryptographic hashes. Access to production systems is limited to the operator. No method of storage is 100% secure; we'll notify affected users of any breach as required by law.

Children

The Service is not directed at children under 16 and we don't knowingly collect their data.

Changes

We'll post any changes here and update the effective date. Material changes affecting subscribers are announced by email.

Contact

support@emailposture.com