Legal

Privacy policy built
on real respect.

We take your privacy seriously. This policy explains how SpoofWard collects, uses, and protects your data — in plain language.

Last updated: April 2026

1. Introduction

SpoofWard is operated by T&C Technologies LTD, an Israeli company (VAT: 516092582), registered at Hizma Street 7, Beit Hanina, Jerusalem, Israel ("Company," "we," "us," or "our"). We are committed to protecting your privacy.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, including our website at spoofward.com and the SpoofWard platform.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service. By accessing and using SpoofWard, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Information We Collect

We collect information in several ways:

2.1 Information You Provide Directly

  • Account Registration: Name, email address, company name, phone number, billing address
  • Billing Information: Payment method, credit card information (processed through Lemon Squeezy, our Merchant of Record), billing address
  • Domain Information: Domain names you want to monitor, contact information for domain administrators
  • Communication: Any information you provide when contacting our support team

2.2 Information Collected Automatically

  • DMARC Reports: We collect and parse DMARC aggregate reports and forensic reports sent by email receivers to your domain's DMARC reporting address (rua@ and ruf@)
  • DNS Records: We collect DNS record data for your domains (SPF, DKIM, DMARC, MX, TXT, CNAME records, etc.)
  • Email Metadata: Information about emails sent from your domains, including source IP addresses, authentication results, headers (without message content)
  • Usage Data: Pages visited, features used, login times, interactions with the Service, error reports
  • Device Information: IP address, browser type, operating system, referring URL, pages visited
  • Cookies and Tracking: We use cookies, local storage, and similar technologies to enhance your experience and understand usage patterns

2.3 Information from Third Parties

  • Information from payment processors (Lemon Squeezy) to verify transactions
  • Information from authentication providers (Google OAuth)
  • Publicly available WHOIS data and DNS information

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Provision: To provide, maintain, and improve the SpoofWard platform
  • DMARC Analysis: To parse, analyze, and report on DMARC data and email authentication
  • Threat Detection: To detect and prevent email spoofing, phishing, and other security threats
  • DNS Monitoring: To monitor DNS record changes and alert you to potential issues
  • Account Management: To manage your account, process payments, and send invoices
  • Communication: To respond to your inquiries, send account notifications, and provide customer support
  • Product Improvement: To analyze usage patterns and improve our Service (using anonymized data)
  • Marketing: To send promotional emails and updates about new features (you can opt out)
  • Legal Compliance: To comply with applicable laws, regulations, and legal requests
  • Security: To prevent fraud, abuse, and unauthorized access to our Service

4. Data Retention

We retain your data as follows:

Data TypeRetention Period
Account InformationFor the duration of your subscription plus 30 days after termination
DMARC ReportsTypically 2 years or as specified by your plan
DNS Records & Monitoring Data2 years or as specified by your plan
Usage Logs90 days (automatically deleted)
Payment InformationRetained by Lemon Squeezy (our Merchant of Record); we retain transaction records for 7 years for tax purposes
Security Logs30 days (for breach investigation purposes)

You may request deletion of your account and data at any time through your account settings or by contacting us. Upon deletion, we will remove your data within 30 days, except where we are required to retain it for legal or tax purposes.

5. Data Security and Storage

We implement security measures to protect your information:

  • Encryption in Transit: All data is encrypted in transit using TLS/SSL
  • Network Security: Our infrastructure is protected by Cloudflare's network, including DDoS protection, Web Application Firewall (WAF), and SSL termination
  • Access Controls: Access to customer data is restricted to authorized personnel only
  • Backups: We maintain regular backups to protect against data loss
  • Secure Authentication: Passwords are hashed using bcrypt; two-factor authentication is available

While we implement these security measures, no system is completely secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Third-Party Services and Integrations

Our Service integrates with third-party services. Your data may be shared with these providers as necessary to deliver the Service:

6.1 Payment Processing

Lemon Squeezy — We use Lemon Squeezy (Lemon Squeezy, LLC) as our Merchant of Record to process all payments, handle billing, invoicing, and sales tax compliance. Lemon Squeezy is PCI DSS compliant and does not store full credit card details on our servers. Your payment information is subject to Lemon Squeezy's Privacy Policy.

6.2 Authentication

Google OAuth — You may choose to sign in using your Google account. Google handles your authentication credentials. We receive limited information (email, name) from Google.

6.3 CDN and Security

Cloudflare — We use Cloudflare for CDN, DNS proxy, DDoS protection, and SSL. Traffic to our Service passes through Cloudflare's network. Cloudflare may process certain request data (IP addresses, headers) as part of providing these services.

6.4 Analytics

Google Analytics — We use Google Analytics to understand how visitors interact with our website. Google Analytics collects information such as pages visited, time on site, and referring URLs. This data is anonymized and used solely for improving our Service. You can opt out using the Google Analytics Opt-out Browser Add-on.

6.5 Communications

Google Workspace (Gmail SMTP) — We use Google Workspace to send transactional emails such as notifications, alerts, and reports.

We do not sell, trade, or rent your personal information to third parties for marketing purposes. All third-party service providers are contractually required to maintain the confidentiality and security of your data.

7. Cookies and Tracking Technologies

SpoofWard uses cookies and similar tracking technologies to:

  • Keep you logged in to your account
  • Remember your preferences
  • Analyze how you use the Service
  • Prevent fraud and enhance security

Types of Cookies We Use

CookieTypePurposeDuration
spoofward_sessionEssentialMaintains your login session2 hours
XSRF-TOKENEssentialProtects against cross-site request forgery2 hours
cookie_consentEssentialRemembers your cookie consent choice1 year
_ga, _gidAnalyticsGoogle Analytics — tracks page views and usage patternsUp to 2 years

Essential cookies are required for the Service to function and cannot be disabled. Analytics cookies (Google Analytics) can be opted out of using the Google Analytics Opt-out Add-on or by adjusting your browser cookie settings.

Disabling essential cookies may prevent the Service from functioning correctly.

8. Data Sharing and Disclosure

We do not sell, trade, or share your personal information with third parties except in the following circumstances:

  • Service Providers: We share data with trusted vendors who help us operate our business (payment processors, hosting providers, support tools)
  • Legal Requirements: We may disclose information if required by law, court order, or government request (with notice to you when legally permissible)
  • Business Transfers: If SpoofWard is acquired or merges with another company, your data may be transferred as part of that transaction
  • Consent: We may share information with your explicit consent for specific purposes
  • Aggregate Data: We may share anonymized, aggregated data for research, analytics, and reporting

We do not share your domain monitoring data with other customers or use it for purposes beyond providing the Service to you.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

9.1 European Union (GDPR)

If you are located in the EU, you have the following rights:

  • Right to Access: You can request a copy of the personal data we hold about you
  • Right to Rectification: You can request correction of inaccurate data
  • Right to Erasure: You can request deletion of your data (right to be forgotten)
  • Right to Restrict Processing: You can limit how we use your data
  • Right to Data Portability: You can request your data in a portable format
  • Right to Object: You can object to certain types of processing
  • Right to Withdraw Consent: You can withdraw consent for data processing at any time

9.2 California (CCPA)

California residents have the right to:

  • Know what personal information is collected
  • Know whether personal information is sold or disclosed
  • Delete personal information collected from you
  • Opt-out of the sale of personal information

9.3 Other Jurisdictions

Depending on your location, you may have additional privacy rights. Please contact us to learn about your specific rights.

To exercise any of these rights, please contact us at [email protected] with your request. We will respond within 30 days (or as required by applicable law). We may ask you to verify your identity before processing your request.

10. Data Processing and GDPR Compliance

For customers in the EU, we are committed to complying with GDPR requirements:

  • We process data only as necessary to provide the Service (legal basis: contract performance) and comply with legal obligations
  • We notify customers without undue delay in case of a personal data breach (within 72 hours where required)
  • We support data subject access requests, rectification, and erasure
  • We use Standard Contractual Clauses (SCCs) for international data transfers where applicable

If you have questions about our GDPR compliance or wish to exercise your data protection rights, contact us at [email protected].

11. International Data Transfers

SpoofWard is operated from Israel. Your information may be processed and stored in Israel, the European Union, the United Kingdom, and other countries where our service providers operate (for example, the United States, the United Kingdom and the EU for services like Cloudflare, Google, and Lemon Squeezy). These countries may have data protection laws that differ from your home country.

When we transfer data internationally, we rely on:

  • Standard Contractual Clauses (SCCs) with our service providers
  • Your consent provided when you register for and use the Service

By using SpoofWard, you consent to the transfer of your information to Israel and other countries as described above.

12. Children's Privacy

SpoofWard is not intended for children under the age of 18. We do not knowingly collect information from children under 18. If we learn that we have collected personal information from a child under 18, we will delete such information promptly.

If you believe we have collected information from a child under 18, please contact us immediately at [email protected].

13. Marketing Communications

We may send you promotional emails and marketing communications about new features, updates, and offers. You can opt out of these communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Updating your communication preferences in your account settings
  • Contacting us at [email protected]

Please note that even if you opt out of marketing communications, we will still send you transactional emails related to your account (billing, security alerts, password resets, etc.).

14. Do Not Track Signals

Some browsers include a "Do Not Track" feature. Our Service does not respond to "Do Not Track" signals. However, we do not use tracking technologies for advertising across third-party websites.

15. Security Incident Notification

In the event of a security breach affecting personal data, we will notify affected users and authorities as required by applicable law. Notifications will be sent without undue delay (typically within 72 hours for GDPR-regulated data) to the email address associated with your account.

To report a security incident, contact: [email protected]

16. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, and legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date.

Your continued use of SpoofWard following notification of changes constitutes your acceptance of the updated Privacy Policy.

17. Contact Us

If you have questions about this Privacy Policy, our privacy practices, or your privacy rights, please contact us:

SpoofWard — T&C Technologies LTD

Address: Hizma Street 7, Beit Hanina, Jerusalem, Israel

VAT ID: 516092582

Support Email: [email protected]

Privacy / Legal Email: [email protected]

Phone: +972 2 585 2646

WhatsApp: +972 52 234 9832

Website: https://spoofward.com

Your domain is being tested right now.
Are you watching?

Protect your brand and improve deliverability — automatically, with continuous monitoring and alerts.

Start Free — No Credit Card View Pricing →