Privacy Policy

Information We Collect

We collect information in the following ways:

• Account information you provide directly: email address, password, and optional display name
• Domains you add for monitoring, including SPF, DKIM, DMARC, BIMI, MX, and blacklist check configurations
• Payment information processed securely by our payment provider — we do not store card details
• Technical data collected automatically: IP address, browser type, pages visited, and timestamps
• Communications you send to us via email or contact forms
• DNS records queried on your behalf from publicly available DNS servers — including SPF, DKIM, DMARC, BIMI, MX, and TXT records
• Blacklist query results for domains and IP addresses you specify
• For the Email Test Inbox: email headers, authentication results, sender address, and sending platform information from emails sent to test addresses. Email body content is not stored beyond header extraction.

How We Use Your Information

We use the information we collect to:

• Provide and maintain our monitoring and utility services
• Send you alerts, notifications, and monitoring reports
• Process your payments
• Respond to your requests and support needs
• Improve our services and develop new features
• Detect and prevent abuse or unauthorised use of the service
• Comply with legal obligations

Lawful Basis for Processing

Under the UK GDPR and EU GDPR, we process your personal data on the following bases:

Contract performance: processing necessary to provide the service you signed up for, including account management, monitoring, and alerts.

Legitimate interests: processing for service improvement, security, and fraud prevention, where these interests are not overridden by your rights.

Consent: where you have opted in to marketing communications. You may withdraw consent at any time.

Legal obligation: where processing is required to comply with applicable law.

Third-Party Services

We use the following categories of third-party services to operate:

These services have their own privacy policies. We share only the minimum data necessary for each service to function.

• Payment processing: Stripe — processes payment details securely
• Email delivery: Mailgun — sends transactional emails, alerts, and notifications
• Cloud hosting: Amazon Web Services (AWS) — hosts the application and stores data
• Analytics: privacy-focused analytics to understand usage patterns (no personal data shared)
• DNS and network services: Cloudflare — provides CDN, DNS, and edge computing

Data Storage and Location

Your data is stored on servers operated by Amazon Web Services in the EU (Ireland, eu-west-1) and/or the United States. Data may be transferred between these regions as necessary to provide the service.

Where data is transferred outside the UK or EEA, we rely on adequacy decisions or standard contractual clauses to ensure appropriate safeguards are in place.

Cookies and Analytics

We use essential cookies required for the service to function, such as session cookies for authentication.

We may use privacy-focused analytics to understand how the service is used. We do not use advertising cookies or share browsing data with advertisers.

For full details, see our Cookie Policy.

Data Security

We implement appropriate security measures to protect your personal information. However, no method of transmission over the Internet is 100% secure.

Data Retention

We retain your account information and monitoring data for as long as your account is active.

After account cancellation, monitoring data is retained for 30 days and then permanently deleted. Account information (email, billing records) is retained for up to 12 months to comply with financial record-keeping requirements, then deleted.

Free tier accounts inactive for 12 months may have their data deleted after notification.

You can request deletion of your data at any time by contacting us. We will process deletion requests within 30 days, subject to legal retention requirements.

Your Rights

Under applicable data protection law, including the UK GDPR and EU GDPR, you have the right to:

• Access: request a copy of the personal data we hold about you
• Rectification: request correction of inaccurate personal data
• Erasure: request deletion of your personal data
• Portability: request your data in a machine-readable format
• Restriction: request that we limit processing of your data
• Object: object to processing based on legitimate interests
• Withdraw consent: where processing is based on consent, withdraw it at any time
• Complain: lodge a complaint with the Information Commissioner’s Office (ICO) in the UK or your local supervisory authority

Contact Us

If you have questions about this Privacy Policy, please contact us at hello@useboring.com.

DNS and Email Authentication Data

When you use our checker tools or monitoring service, we query publicly available DNS records for the domains you specify. This data is inherently public and is not considered personal data in most jurisdictions.

For our free checker tools, DNS query results are cached briefly and not permanently stored. For paid monitoring, historical records of your domains’ DNS configurations are stored as part of the monitoring service and are available to you in your dashboard.

Blacklist status checks query third-party blacklist providers. We store the results (listed/not listed) but do not control the blacklist databases themselves.

Email Test Inbox Data

When you use the Email Test Inbox, the following data is collected from emails sent to test addresses:

Email body content is not stored. Test results are retained for 7 days and then permanently deleted. Test email addresses expire after 24 hours.

• Sender email address (from the message From header)
• Authentication results: SPF, DKIM, DMARC pass/fail status and alignment
• DKIM signature details: signing domain, selector, algorithm, key length
• Sending platform identification (from X-Mailer or similar headers)
• Message metadata: subject line, date, Return-Path
• List-Unsubscribe header presence