Privacy notice
Draft — under review. This describes exactly what the free Defensibility Check does with your data.
What we collect and why
Your work email address. We use it to derive your organisation’s domain for the public DNS checks, and to send you the link that unlocks your full report. Lawful basis: legitimate interest — you asked for the check.
Your ten self-check answers. They generate your score. They are self-declared and stay attached to your organisation’s record.
Public DNS results for your domain. SPF, DMARC, DKIM and MX records are already public; we store the outcome of the check (pass, gap, inconclusive), not your email traffic. We never read mailboxes and we never store email content.
Your IP address. Used only to rate-limit the check and prevent abuse. We store a one-way hash of it in an operational log with a short expiry — never the raw address, and never linked to your report.
Marketing is separate and optional
The report arrives whether or not you tick the marketing box. If you do tick it, we store the exact wording you agreed to and the time you agreed. You can withdraw your consent at any time by contacting us, and if we ever send you marketing email every message will include an unsubscribe link.
Where your data lives and how long we keep it
Everything is stored in Google Cloud’s London region (europe-west2). Every stored result is a point-in-time snapshot with an expiry date, after which it is deleted automatically; re-running the check from the same organisation domain produces a fresh snapshot. Nothing about your check is sold or shared.
Your rights
You can ask for a copy of what we hold about you, ask us to correct it, or ask us to delete it. Contact: [owner contact — to be confirmed before launch].