Privacy Policy
Last updated: 1 April 2026
1. Data Controller
The controller responsible for the processing of your personal data in connection with MailSentry is:
Normwise / Evidentia
[YOUR COMPANY ADDRESS]
VAT: [YOUR VAT NUMBER]
Email: privacy@normwise.eu
For all questions relating to the processing of your personal data, or to exercise any of your rights described in this policy, please contact us at privacy@normwise.eu.
2. Personal Data We Collect
We collect only the personal data that is necessary to provide the MailSentry service. This includes:
- Email address — used to create and manage your account, send service notifications, and authenticate you.
- Domain names — the domains you register for DMARC monitoring; these may be considered personal data where they relate to a natural person.
- DMARC, SPF, and DKIM reports — aggregate and forensic reports delivered to your reporting address and processed on your behalf. These may contain IP addresses of mail senders.
- Usage logs — records of actions performed within the platform (e.g. report imports, policy changes, alerts acknowledged). Stored for operational and security purposes.
- IP address — your IP address is recorded in server access logs when you interact with the MailSentry application or API.
We do not collect any special categories of personal data (Article 9 GDPR).
3. Legal Basis for Processing
We process your personal data on the following legal bases under the GDPR:
- Performance of a contract (Art. 6(1)(b) GDPR) — processing your email address, domain names, and DMARC/SPF/DKIM report data is necessary to deliver the MailSentry service you have contracted for.
- Legitimate interests (Art. 6(1)(f) GDPR) — we process usage logs and IP addresses to maintain the security, integrity, and availability of our platform. Our legitimate interest in operating a secure service outweighs any privacy impact given the limited scope of data retained.
- Legal obligation (Art. 6(1)(c) GDPR) — we may retain certain data where required by applicable law (e.g. tax or accounting obligations).
4. Retention Periods
We retain personal data only for as long as necessary for the purposes for which it was collected:
- Account data (email address, settings) — retained for the duration of your account, plus 30 days following account deletion to allow for recovery and billing reconciliation.
- Security and usage logs — retained for a maximum of 90 days, after which they are automatically deleted.
- DMARC, SPF, and DKIM reports — retained for 365 days from the date of receipt. You may request earlier deletion at any time.
Where we are required to retain data for longer periods by law (e.g. financial records), we will retain only the minimum data required and for no longer than the statutory period.
5. Sub-processors and Data Transfers
We do not sell or share your personal data with third-party marketing partners or analytics providers. MailSentry uses the following sub-processor for hosting infrastructure:
Industriestr. 25, 91710 Gunzenhausen, Germany
Role: Cloud infrastructure hosting
Location: European Union (Germany)
All data is stored and processed within the European Union. No personal data is transferred to third countries outside the EEA. Should this change in the future, we will update this policy and implement appropriate safeguards (e.g. Standard Contractual Clauses).
6. Cookies
MailSentry uses a single session cookie to maintain your authenticated session. This cookie is strictly necessary for the operation of the service and does not track your behaviour across third-party websites.
We do not use tracking cookies, advertising cookies, or third-party analytics (such as Google Analytics). No consent banner is therefore required for cookies we deploy.
Font delivery
This website loads the Inter typeface via Bunny Fonts (bunny.net), a privacy-friendly EU-based font CDN operated by BunnyWay d.o.o. (Slovenia). We use it instead of Google Fonts because Google Fonts transfers each visitor's IP address to Google's servers in the United States, which — under Schrems II and rulings such as the 2022 Munich Regional Court judgment — constitutes a GDPR-non-compliant international data transfer without consent. Bunny Fonts processes font requests entirely within the EU and does not share request data with third parties.
7. Your Rights
Under the GDPR you have the following rights with respect to your personal data:
- Right of access (Art. 15) — you may request a copy of the personal data we hold about you.
- Right to rectification (Art. 16) — you may ask us to correct inaccurate or incomplete data.
- Right to erasure (Art. 17) — you may request deletion of your personal data, subject to legal retention obligations.
- Right to data portability (Art. 20) — you may request your data in a structured, machine-readable format where processing is based on consent or contract.
- Right to object (Art. 21) — you may object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.
- Right to restrict processing (Art. 18) — you may request that we restrict processing in certain circumstances.
To exercise any of these rights, please email privacy@normwise.eu. We will respond within 30 days. If you believe we have not handled your request appropriately, you have the right to lodge a complaint with your national data protection authority.
8. Changes to This Policy
We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email or by a prominent notice within the MailSentry application at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the date of the most recent revision.
Continued use of the service after the effective date of any changes constitutes your acceptance of the revised policy.