Privacy Policy
Last updated: 1 April 2026
EmailAudit.io is operated by a sole trader based in Australia. This policy explains what data we collect, why we collect it, and how we handle it. We aim to collect the minimum necessary to deliver the service.
If you have questions, email privacy@emailaudit.io.
1. Free Tools — No Account Required
Our free diagnostic tools (SPF Checker, DKIM Validator, DMARC Scorer, Blacklist Check, Security Score, Header Analyzer) run entirely without requiring you to create an account or provide any personal information.
When you run a tool check, we receive the domain name or email header you submit. We do not store these inputs against any identifiable user record. We may retain anonymous, aggregated usage statistics (e.g. check volume per day) to monitor service health.
2. Full Audit PDF — Email Collection
The Full Security Audit report is delivered to your inbox. To do this, we collect your email address. We use this address to:
- Deliver the PDF report you requested
- Send occasional follow-up emails about your audit findings (you can unsubscribe at any time from any email we send)
We store audit submissions — including your email address, domain name, and audit results — in our database (Supabase, hosted on AWS). We do not sell this data to third parties.
3. Contact Form
When you submit the contact form, we collect your name, email address, and message. This information is used solely to respond to your enquiry. It is stored in our database and transmitted via Resend (our email delivery provider).
4. Payments
Payments for paid services are processed through Stripe. When you pay, your card details are entered directly into Stripe's secure checkout — we never see or store your full card number. Stripe is PCI-DSS compliant.
We retain a record of completed transactions (service type, amount, date, and your email address) for accounting and support purposes.
5. Analytics
We use lightweight, privacy-respecting analytics to understand how visitors use the site (page views, referral sources, country-level location). We do not use Google Analytics. No cross-site tracking cookies are set for analytics purposes.
6. Cookies
We use cookies only where technically necessary — for example, to maintain a session when you use authenticated features. We do not use advertising or retargeting cookies.
7. Third-Party Services
We use the following third-party services to operate the site. Each has its own privacy policy.
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database (audit leads, contact submissions) | Email, domain, audit results |
| Resend | Transactional email delivery | Email address, PDF report |
| Stripe | Payment processing | Email, payment details (Stripe-hosted) |
| Vercel | Website hosting | IP address (standard server logs) |
| Upstash | Rate limiting (abuse prevention) | IP address (not persisted) |
8. Data Retention
We retain audit submission records for 12 months, after which they are deleted. Contact form submissions are retained for 24 months. Transaction records are retained for 7 years as required by Australian tax law.
You can request deletion of your data at any time by emailing privacy@emailaudit.io. We will process deletion requests within 14 days, except where retention is required by law.
9. Your Rights
Depending on where you are located, you may have rights under the GDPR (EU/UK), Australia's Privacy Act 1988, or other applicable laws, including:
- The right to access data we hold about you
- The right to correct inaccurate data
- The right to request deletion of your data
- The right to object to or restrict certain processing
- The right to data portability (where technically applicable)
To exercise any of these rights, email privacy@emailaudit.io.
10. Security
All data is transmitted over HTTPS. Our database is hosted on a cloud provider with encryption at rest. Access to stored data is restricted to the site operator. We do not share data with advertisers, data brokers, or marketing platforms.
11. Children
This service is not directed at children under 16. We do not knowingly collect data from children.
12. Changes to This Policy
If we make material changes to this policy, we will update the date at the top of this page. Continued use of the service after changes are posted constitutes acceptance of the revised policy.
Contact
For privacy enquiries, data requests, or complaints, contact us at: privacy@emailaudit.io
If you are in the EU and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.