Privacy Policy
Last updated: November 26, 2025
Introduction
BrightPost is a product of 8WEST LLC ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our DMARC email authentication service.
Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Name
- Password (stored securely using industry-standard hashing)
- Company/organization name (optional)
Domain and DNS Information
To provide our service, we collect and process:
- Domain names you register with our service
- DNS records (SPF, DKIM, DMARC) associated with your domains
- DMARC aggregate reports sent to your configured reporting address
- DNS provider credentials (encrypted at rest using AES-256-GCM) for automated DNS management
Payment Information
We use Stripe to process payments. When you subscribe to our service:
- Payment card details are collected and processed directly by Stripe
- We store only a reference to your Stripe customer ID
- We do not store your full credit card number on our servers
- Billing history and subscription status are maintained for account management
Usage Information
We automatically collect certain information when you use our service:
- IP address and browser information
- Pages visited and features used
- Timestamps of activities
- Error logs for troubleshooting
How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our DMARC monitoring and management service
- Process DMARC reports and provide actionable recommendations
- Automatically configure DNS records when authorized
- Process payments and manage your subscription
- Send transactional emails (account verification, password resets, billing notifications)
- Send service-related communications (alerts, recommendations, weekly digests)
- Respond to your inquiries and provide customer support
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
Data Sharing and Disclosure
We do not sell your personal information. We may share your information with:
- Service Providers: Third-party services that help us operate our business (Stripe for payments, Postmark for email delivery, Microsoft Azure for hosting)
- DNS Providers: When you authorize automatic DNS updates, we communicate with your DNS provider (Cloudflare, AWS Route53) using your provided credentials
- Legal Requirements: When required by law, court order, or governmental regulation
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections
Data Security
We implement appropriate technical and organizational measures to protect your information:
- All data transmitted to and from our service is encrypted using TLS 1.2+
- DNS provider credentials are encrypted at rest using AES-256-GCM
- Passwords are hashed using bcrypt with appropriate work factors
- Access to production systems is restricted and logged
- Regular security assessments and monitoring are performed
- Data is hosted on Microsoft Azure with SOC 2 compliance
Data Retention
We retain your information for as long as necessary to provide our services and fulfill the purposes described in this policy:
- Account data: Retained while your account is active and for a reasonable period thereafter
- DMARC reports: Retained according to your plan (90 days for Starter, 180 days for Professional, 365 days for Enterprise)
- Billing records: Retained as required by tax and accounting regulations (typically 7 years)
- Usage logs: Retained for 90 days for operational purposes
Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate personal information
- Deletion: Request deletion of your personal information, subject to legal retention requirements
- Portability: Request a portable copy of your data
- Opt-out: Unsubscribe from marketing communications at any time
To exercise these rights, please contact us at privacy@brightpost.app.
Cookies and Tracking
We use essential cookies to:
- Maintain your authenticated session
- Remember your preferences
- Ensure security and prevent fraud
We use Azure Application Insights for performance monitoring and error tracking. This helps us improve service reliability and identify issues.
International Data Transfers
Our services are hosted in the United States. If you are accessing our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers are located. By using our service, you consent to this transfer.
Children's Privacy
Our service is not directed to children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us at:
8WEST LLC
Email: privacy@brightpost.app
By using BrightPost, you acknowledge that you have read and understood this Privacy Policy. See also our Terms of Service.