DMARCS is committed to protecting your data and complying with relevant privacy laws, including GDPR, UAE PDPL, UAE NESA, UAE DESC, and CREST standards. This policy explains what data we collect, how we use it, and your rights as a user.

1. Information We Collect

DMARCS collects only data necessary to deliver and improve our service:

• User account information: name, email, organisation
• Authentication credentials: passwords, two-factor authentication codes
• Audit and interaction logs for security and operational purposes

We do not collect sensitive personal information beyond what is essential for the service.

2. Consent

By using DMARCS, you provide explicit consent for the collection and processing of your data. Cookie usage is controlled through a consent banner stored in your browser.

3. How We Use Your Data

Data collected is used for:

• Providing and managing your account and access privileges
• Security monitoring and breach reporting
• Audit logging for compliance and traceability
• Support, including export or deletion of your data upon request

4. Data Security

DMARCS applies strong security measures:

• Encryption at rest (bcrypt for passwords) and in transit (HSTS headers)
• Role-based access control separating Org Admins and Users
• Strong authentication including 2FA and password strength enforcement
• Automatic session timeout after 15 minutes of inactivity

5. Data Rights

You may:

• Request deletion of your data via our support portal
• Export your data in a machine-readable format

6. Data Minimisation and Retention

We only collect what is necessary and retain data for as long as needed to provide services or comply with legal requirements.

7. Third-Party Processors

DMARCS may use third-party services for hosting, analytics, and support. Main providers include:

• Azure (UAE region)
• Google Analytics

We ensure all processors comply with applicable privacy regulations and only access data necessary to provide their services.

8. Data Residency

To comply with UAE NESA and PDPL requirements, all DMARCS deployments are hosted within UAE regions of AWS or Azure. No user data is transferred outside the UAE without explicit disclosure.

9. Security Incident Reporting

Any security incidents are logged and reported through our support portal. DMARCS follows procedures aligned with GDPR, PDPL, NESA, DESC, and CREST.

10. Policy Updates

This policy may be updated to reflect changes in services or regulations. Users will be notified of material changes via the platform or email.

11. Contact Us

For questions or to exercise your data rights, contact:
DMARCS Support Team
support@dmarcs.com