Privacy Policy

1. Introduction

EnforceLayer ("we", "us", "our") operates a DNS monitoring and email authentication enforcement platform available at https://enforcelayer.com.

This Privacy Policy explains:

• what data we collect,
• why we collect it,
• how we use it,
• how we protect it,
• and what rights you have under applicable data protection laws (including GDPR where applicable).

By using our services, you agree to the practices described in this Policy.

2. Data Controller

EnforceLayer is operated by:

[LEGAL ENTITY NAME] [REGISTERED ADDRESS] [COMPANY ID] [VAT ID if applicable] Email: support@enforcelayer.com

For purposes of EU data protection law, we act as the data controller for data described in this Policy.

3. Data We Collect

3.1 Domain & DNS Data

When you run a scan or use monitoring services, we collect:

• Domain names submitted for analysis
• Public DNS records (SPF, DKIM, DMARC, MX, BIMI, TXT)
• DNS snapshots
• Timestamps of scans
• Enforcement scores and risk scores
• Historical drift data (if monitoring is enabled)

Important: All DNS data processed by EnforceLayer is publicly available information. We do not access private email content.

3.2 Account & Contact Data

If you purchase a Fix Plan or subscribe to Monitoring, we may collect:

• Email address
• Stripe customer ID
• Subscription ID
• Report token identifiers
• Monitoring configuration data

We do not store credit card numbers.

3.3 Payment Data

Payments are processed securely via Stripe.

We do not store:

• credit card numbers
• CVC codes
• full payment credentials

Stripe processes payment data under its own Privacy Policy.

3.4 Technical & Usage Data

We may collect:

• IP address
• Browser type
• Device information
• Access timestamps
• API usage logs
• Error logs

This data is used for:

• Security
• Abuse prevention
• System diagnostics
• Performance optimization

3.5 Email Communication Data

If you contact us or receive alerts, we may process:

• Your email address
• Communication content
• Alert delivery metadata

Email notifications may be delivered via Resend or other infrastructure providers.

4. How We Use Your Data

We use collected data to:

• Perform DNS scans
• Generate enforcement reports
• Calculate Risk Score and Enforcement Stability Index
• Deliver monitoring alerts
• Process payments
• Prevent fraud and abuse
• Maintain platform security
• Improve service reliability
• Comply with legal obligations

We do not sell personal data.

We do not use personal data for advertising.

5. Legal Basis (GDPR)

If you are located in the European Economic Area (EEA), we rely on:

• Contractual necessity (Art. 6(1)(b)) – to provide DNS scanning and monitoring services
• Legitimate interest (Art. 6(1)(f)) – security logging and fraud prevention
• Legal obligation (Art. 6(1)(c)) – tax and accounting compliance

6. Data Retention

We retain:

• Scan results for operational purposes
• Monitoring snapshots for service continuity
• Payment records as required by law
• Logs for security auditing

Expired report tokens may remain stored but become inaccessible publicly. Retention periods vary depending on subscription status and legal requirements.

7. Data Sharing

We share data only with essential service providers:

• Stripe (payments)
• Supabase (data storage)
• Vercel (hosting)
• Resend (email delivery)

We do not sell data.

We do not share data for advertising.

8. International Transfers

Some service providers may process data outside the EU.

Where required, we rely on:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions
• Contractual safeguards

9. Security Measures

We implement technical and organizational measures including:

• HTTPS/TLS encryption
• Secure hosting infrastructure
• Webhook signature verification
• Access control restrictions
• Database protection mechanisms

However, no system is 100% secure.

Users remain responsible for proper DNS configuration.

10. Risks & Limitations

EnforceLayer analyzes publicly available DNS data.

We:

• Do not access private email content
• Do not control third-party mail providers
• Cannot guarantee complete protection against spoofing or cyber threats

DNS enforcement improves security posture but does not eliminate all risks.

11. Your Rights

If subject to GDPR, you have the right to:

• Access your data
• Request correction
• Request deletion
• Restrict processing
• Object to processing
• Request data portability
• Lodge a complaint with a supervisory authority

Contact: support@enforcelayer.com

12. Cookies

We use essential cookies for:

• Session management
• Security
• Payment processing

We do not use advertising trackers.

A cookie consent banner may be presented where required.

13. Children's Privacy

Our services are intended for business use.

We do not knowingly collect data from individuals under 16 years of age.

14. Changes to This Policy

We may update this Privacy Policy.

The "Last updated" date reflects the latest revision.

15. Contact

For privacy inquiries:

support@enforcelayer.com