Privacy Policy

Last updated: February 2, 2026

1. Introduction

Verkh, LLC ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our DMARC monitoring and email authentication platform. Verkh, is the data controller for the personal data we process under this policy.

By using Verkh, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, company name when you create an account
  • Domain Information: Domain names you add to monitor
  • Payment Information: Billing details processed by our payment provider (we do not store full card numbers)
  • Communications: Messages you send to us via support channels

2.2 Information Collected Automatically

  • DMARC Reports: Aggregate and forensic reports sent to your Verkh-provided email address
  • DNS Records: Public DNS records for domains you monitor
  • Usage Data: How you interact with our platform (pages visited, features used)
  • Device Information: Browser type, IP address, device identifiers

2.3 Cookies and Tracking Technology

We use cookies, web beacons, and similar tracking technologies to collect usage data and improve your experience. These may include essential cookies (for site functionality which cannot be disabled), functional cookies (to enhance functionality, your experience and personalization), analytics cookies (to measure platform usage and understand how visitors interact with our website), and marketing cookies (to measure the effectiveness of our advertising campaigns). Marketing Cookies are only present with your consent. We do not use cookies for targeted advertising. Please be advised we currently do not respond to Do Not Track signals. You can manage your cookie preferences through your browser settings or our Opt-Out Tools. For more details, see our cookie policy.

3. How We Use Your Information

We use collected information to:

  • Provide and maintain our DMARC monitoring services
  • Process DMARC reports and display authentication status
  • Send alerts about authentication failures or DNS changes
  • Generate remediation recommendations
  • Process payments and manage subscriptions
  • Respond to support requests
  • Improve our platform and develop new features
  • Send service-related communications
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data based on:

  • Contract Performance: To provide services you have requested
  • Legitimate Interests: To improve our services and prevent fraud
  • Consent: For marketing communications (where applicable)
  • Legal Obligation: To comply with applicable laws

5. Data Sharing

We do not sell your personal information. We may share data with:

  • Service Providers: Cloud hosting (Cloudflare), payment processing, analytics. Our service providers have data processing agreements that require them to protect your data and process it only for the purposes we specify.
  • Partners: If you use Verkh through a reseller/partner, they may access your account data
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: At your direction in connection with mergers, acquisitions, or asset sales

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. DMARC report data is retained according to your plan's data retention limits (30 days to unlimited). After account deletion, we may retain certain data for up to 90 days for legal and audit purposes.

7. Your Rights

To exercise any of these rights described in this Policy, email us at privacy@verkh.io. We will respond within the timeframe required by law.

7.1 GDPR Rights (EEA Users)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a portable format
  • Restriction: Limit how we process your data
  • Object: Object to certain types of processing
  • Withdraw Consent: Where processing is based on consent

7.2 CCPA Rights (California Residents)

California residents have the right to:

  • Know: What personal information we collect and how it's used
  • Delete: Request deletion of your personal information
  • Opt-Out: Opt out of the sale of personal information (we do not sell data). You also have the right to Limit the Use and Disclosure of Sensitive Personal Information used for purposes beyond basic service delivery.
  • Non-Discrimination: Not be discriminated against for exercising your rights

7.3 General U.S. State Privacy Rights

Residents of states with applicable comprehensive privacy laws (as of January 2026, this includes California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia) have the following rights:

  • Access/Know: Confirm if we are processing your personal data and request access to it.
  • Correction: Correct inaccuracies in your personal data.
  • Deletion: Request deletion of your personal data.
  • Portability: Obtain a copy of your personal data in a portable format.
  • Opt-Out of Targeted Advertising/Sale: Opt out of the processing of personal data for targeted advertising, or the sale of personal data (we do not sell data).

8. Data Security

In the event of a data breach that may create a material risk to your rights, we will notify affected users and relevant authorities as required by applicable law.

We implement industry-standard security measures including:

  • Encryption in transit (TLS) and at rest
  • OAuth-based authentication
  • Role-based access control
  • Regular security assessments
  • Cloudflare's enterprise-grade infrastructure

9. International Data Transfers

Your data may be processed in countries outside your residence. We use Cloudflare's global network, which may involve data transfers to various jurisdictions. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where required.

10. Children's Privacy

Verkh is not intended for use by individuals under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of Verkh after changes constitutes acceptance of the updated policy.