Privacy Policy
Last updated: 26 June 2026. We keep this short and plain.
Who we are
DMARC Monster is operated by FELIKZ.NET, registered in the Isle of Man. We are the data controller for the personal data described in this policy. You can reach us at our contact page or by email at [email protected].
What personal data we hold
| Data | Why we hold it | Legal basis |
|---|---|---|
| Name, business name, email address | Account creation, service delivery, invoicing, and support | Contract performance |
| Domain names | We monitor the domains you register | Contract performance |
| Billing correspondence and invoice records | Financial record-keeping | Legal obligation |
| Contact form enquiries | Responding to your questions | Legitimate interests |
| Service usage logs, including IP addresses | Troubleshooting and service improvement | Legitimate interests |
What we do not hold
DMARC aggregate reports, the core of what the service processes, contain only operational telemetry: IP addresses, email volume counts, and authentication pass/fail results. They do not contain message content, sender or recipient addresses, or any information that constitutes personal data. We do not ingest DMARC forensic (RUF) reports.
Who we share data with
We do not sell your data or share it with third parties for marketing. The following providers may process your data on our behalf:
- Email delivery provider: for sending account information and notifications
- Cloudflare: for security (Turnstile bot protection) and infrastructure
- Google (Google Fonts): font files are loaded from Google's CDN. Your IP address is transmitted to Google on page load as a routine part of that request
All providers are contractually bound to process your data only as instructed and in accordance with applicable data protection law.
How long we keep it
Retention periods vary depending on what the data is:
- Operational tenant data (DMARC reports, domain configuration, authentication tenant): deleted within 3 days of your subscription expiring or being terminated. If you want to keep any of this data, export it before your subscription ends.
- Your account record (name, email, business name): kept in our CRM for up to 12 months after your last subscription ends, so we can reinstate your account if you return. You can request deletion at any time.
- Financial records: retained for 7 years as required by law.
DMARC report data accumulated during an active subscription is retained on a 24-month rolling basis for trend analysis. When your subscription ends, this data is removed as part of the 3-day deletion above.
Your rights
Under the Isle of Man Data Protection Act 2018 you have the right to:
- Access the personal data we hold about you
- Have inaccurate data corrected
- Request deletion of your data (where no legal obligation requires us to retain it)
- Request a portable copy of your data
- Object to processing based on legitimate interests
To exercise any of these rights, contact us. We will respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Isle of Man Information Commissioner.
Cookies
We use one session cookie to keep you logged in. It holds no personal data and is not shared with third parties. No tracking, advertising, or analytics cookies are used.
Changes to this policy
We may update this policy from time to time. Active customers will be notified by email of any material changes before they take effect.
Data protection queries? Email [email protected] or use our contact form.