Privacy Policy
Last updated: June 6, 2026
1. Introduction
CredMail (“we,” “our,” or “us”) is an email health and domain reputation platform operated by RadiantNode LLC. We help individuals and businesses check their email authentication records (SPF, DKIM, DMARC), monitor blacklists, verify email addresses, and assess domain health.
This Privacy Policy explains what data we collect, why we collect it, how we use it, and the choices you have regarding your information.
2. Information We Collect
2.1 Account Information
When you sign up for CredMail via Clerk, we receive and store:
- Your name (as provided to your authentication provider)
- Your email address
- A unique user identifier assigned by Clerk
- Authentication method (e.g., Google, email/password)
We do not have access to your password. Authentication is handled entirely by Clerk. We never see or store plaintext passwords.
2.2 Domain Health Check Data
When you run a domain health check, we collect and may store:
- The domain name you submit
- The results of DNS lookups (SPF, DKIM, DMARC, MX records)
- Blacklist scan results
- Reputation analysis scores
- Timestamp of the check
DNS lookups are performed using Cloudflare’s public DNS resolver (1.1.1.1). The domain you query is transmitted to Cloudflare as part of standard DNS resolution.
2.3 Email Verification Data
When you verify email addresses, we collect:
- The email addresses you submit for verification
- Domain and MX lookups for those addresses
- Verification results (deliverability, risk assessment)
We do not send test emails to the addresses you verify. All checks are performed via DNS and syntax analysis only.
2.4 Usage & Analytics Data
We automatically collect:
- IP address and approximate geolocation
- Browser type and version
- Operating system
- Pages visited and features used
- Referring URL and exit pages
- Date and time of visits
This data helps us understand how our platform is used, diagnose issues, and improve the service. We do not use third-party analytics trackers or advertising cookies.
2.5 Communications
If you contact us via email or our support channels, we collect:
- Your email address
- The content of your message
- Any attachments you include
3. How We Use Your Information
We use the data we collect for the following purposes:
- Providing the service — running domain health checks, verifying email addresses, generating reports, and saving results to your account.
- Account management — authenticating you, maintaining your session, and showing your saved reports and history.
- Improving the platform — analyzing usage patterns to fix bugs, improve performance, and develop new features.
- Security & abuse prevention — monitoring for suspicious activity, enforcing rate limits, and protecting our infrastructure.
- Communications — responding to your support inquiries and, if you opt in, sending product updates. We never send marketing emails without your consent.
- Legal compliance — meeting our obligations under applicable laws and regulations.
4. Legal Bases for Processing (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:
- Contractual necessity — data required to provide the CredMail service you requested (e.g., account data, DNS check results).
- Legitimate interest — usage analytics, security monitoring, and service improvement that do not override your rights.
- Consent — for optional communications. You may withdraw consent at any time.
- Legal obligation — where required by applicable law.
5. Cookies & Similar Technologies
CredMail uses minimal cookies:
- Authentication cookies set by Clerk to maintain your signed-in session. These are strictly necessary for the service to function.
- Theme preference stored in your browser’s local storage to remember your light/dark mode choice.
We do not use tracking cookies, advertising cookies, or third-party analytics scripts. Our platform does not display ads and does not profile users for marketing purposes.
6. Third-Party Services & Sub-processors
We rely on the following third-party services to operate CredMail. Each provider has its own privacy and security practices:
- Purpose: User authentication and session management. Data shared: Name, email, authentication method, session tokens
- Purpose: Database hosting for saved reports and user data. Data shared: Domain names, check results, saved reports, user IDs
- Purpose: DNS resolution for domain and email checks. Data shared: Domain names queried, IP addresses
- Purpose: Application hosting and content delivery. Data shared: IP addresses, request logs, usage metrics
7. Data Retention
We retain your data as follows:
- Account data — retained for as long as your account is active. You may request deletion at any time.
- Domain check reports — retained until you delete them or your account is closed. Free-tier reports may be automatically pruned after inactivity.
- Usage logs — retained for up to 90 days for security and debugging purposes.
- Support communications — retained for up to 2 years for reference.
After your account is deleted, we purge all personal data within 30 days, unless we are required to retain it by law.
8. Data Security
We take the security of your data seriously. Measures we have in place include:
- All data in transit is encrypted using TLS 1.3
- Data at rest is encrypted (AES-256) by our infrastructure providers
- Authentication is handled by Clerk, a SOC 2 Type 2 compliant provider
- We use a strict Content Security Policy to prevent XSS attacks
- Rate limiting is enforced on all public API endpoints
- Access to the database is restricted to server-side operations only
- Regular dependency updates and security patches are applied
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
9. International Data Transfers
CredMail is operated in the United States. If you are located outside the US, your data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) where applicable and ensure our sub-processors provide adequate protection for cross-border data transfers.
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your data:
GDPR (EEA & UK)
- Right of access — request a copy of your data
- Right to rectification — correct inaccurate data
- Right to erasure — request deletion of your data
- Right to restrict processing — limit how we use your data
- Right to data portability — receive your data in a structured format
- Right to object — object to processing based on legitimate interest
CCPA (California)
- Right to know — what personal information we collect and share
- Right to delete — request deletion of your personal information
- Right to opt out — of the sale of personal information (we do not sell data)
- Right to non-discrimination — for exercising your CCPA rights
To exercise any of these rights, email us at privacy@credmail.com. We will respond within 30 days. We may need to verify your identity before processing your request.
11. Children’s Privacy
CredMail is not intended for children under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child under 16 has provided us with personal data, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email (if you have an account) or by posting a notice on our website. The “Last updated” date at the top of this page reflects the most recent revision. Your continued use of CredMail after changes take effect constitutes acceptance of the revised policy.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:
- Email: privacy@credmail.com
- Postal: RadiantNode LLC, 651 N Broad St, Suite 201, Middletown, DE 19709, United States
For GDPR-related inquiries, you also have the right to lodge a complaint with your local data protection supervisory authority.