Privacy Policy

1. Information We Collect

Information you provide

• Account information: Email address, name, and password when you register
• Billing information: Payment details processed securely by Stripe (we don't store card numbers)
• Domain information: Domain names you add for monitoring
• Communication: Messages you send us via email or support channels

Information we collect automatically

• Usage data: Features you use, pages you visit, and actions you take within the service
• Device information: Browser type, operating system, and device identifiers
• Log data: IP address, access times, and referring URLs
• DNS and email data: DNS records, DMARC reports, and email authentication data for domains you monitor

Information from third parties

• Authentication providers: If you sign in via a third party, we receive basic profile information
• Payment processor: Stripe provides transaction confirmations and billing status

2. How We Use Your Information

We use your information to:

• Provide, maintain, and improve MimeProtect
• Process transactions and send billing notifications
• Monitor your domains and generate security alerts
• Send service updates and security notices
• Generate aggregate insights and reports for your dashboard
• Analyse usage patterns to improve the service
• Respond to your requests and support queries
• Detect and prevent fraud or abuse

We will never sell your personal information or disclose your private data to third parties for their marketing purposes.

3. Analytics and Metrics

We collect anonymised metrics to understand how MimeProtect is used and to improve the service. This includes:

• Feature usage patterns
• Performance metrics
• Error rates and debugging information
• Aggregate statistics across our user base

We use the following analytics processors:

• Heap Analytics – Product analytics to understand feature usage
• Hotjar (ContentSquare) – Session recordings and heatmaps to improve user experience

These processors are bound by data processing agreements and process data on our behalf. They do not use your data for their own purposes.

4. Data Sharing

We share your information only in these circumstances:

Service providers

We use trusted third parties to operate MimeProtect:

• Stripe – Payment processing
• Cloudflare – Infrastructure and hosting
• Resend – Transactional email delivery
• Heap Analytics – Product analytics
• Hotjar (ContentSquare) – User experience analytics

These providers process data on our behalf under strict contractual obligations.

Legal requirements

We may disclose information if required by law, regulation, or legal process, or to protect our rights, property, or safety.

Business transfers

If Pragmatic Builders Ltd is acquired or merged, your information may transfer to the new owner. We'll notify you before any such transfer.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the service.

After account deletion:

• Account data is deleted within 30 days
• Anonymised aggregate data may be retained indefinitely
• Backups are purged within 90 days
• We may retain data longer if required by law

6. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

• Encryption in transit (TLS) and at rest
• Access controls and authentication
• Regular security assessments
• Secure infrastructure hosted on Cloudflare

No system is completely secure. If we become aware of a security breach affecting your data, we'll notify you promptly.

7. Your Rights

Depending on your location, you may have rights including:

• Access: Request a copy of your personal data
• Correction: Update inaccurate information
• Deletion: Request deletion of your data
• Portability: Receive your data in a portable format
• Objection: Object to certain processing activities
• Restriction: Request limited processing of your data

To exercise these rights, contact us at legal@mimeprotect.com. We'll respond within 30 days.

UK and EU residents

We process data under GDPR. Our lawful bases for processing include:

• Contract: To provide the service you've requested
• Legitimate interests: To improve and secure the service
• Consent: Where you've given explicit permission
• Legal obligation: To comply with applicable laws

You have the right to lodge a complaint with your local data protection authority.

8. International Transfers

Your data may be processed in countries outside the UK/EEA. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required.

9. Cookies

We use essential cookies to operate the service (authentication, preferences). We use analytics cookies from Heap and Hotjar to understand usage patterns.

You can control cookies through your browser settings, though some features may not work correctly without essential cookies.

10. Children's Privacy

MimeProtect is not intended for users under 18. We don't knowingly collect information from children. If you believe a child has provided us with personal data, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We'll notify you of material changes via email or through the service.

12. Contact

For privacy queries or to exercise your rights, contact us at legal@mimeprotect.com.