Norweb Services

Privacy Policy

Last updated: 1 June 2026

1. Introduction

Norweb Services (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our DMARC monitoring service and website (the “Service”).

We are a UK-based MSP. Your data is processed in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

We collect the following types of information:

  • Account Information: name, email address, and password when you register.
  • Client Data: domain names, DMARC reports, email authentication data, and DNS records you configure for monitoring.
  • Usage Data: pages visited, features used, and interaction with our dashboard.
  • Communication Data: information you provide via contact forms, quote requests, or email.

3. How We Use Your Information

  • To provide and maintain the DMARC monitoring Service.
  • To send you email reports, alerts, and transactional notifications.
  • To process payments and manage your subscription.
  • To communicate with you about your account and the Service.
  • To improve and optimise our Service.
  • To comply with legal obligations.

4. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. DMARC aggregate reports are retained for a minimum of 12 months. Upon account cancellation, we will delete your data within 30 days unless required to retain it by law.

5. Data Sharing & Disclosure

We do not sell your personal data. We may share data with:

  • Stripe: Payment processing (credit card details are handled by Stripe, never stored by us).
  • Mautic: Our marketing automation platform, used for sending email reports and notifications.
  • Service Providers: Third parties who help us operate the Service (hosting, monitoring).

6. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data held by us.
  • Rectify inaccurate data.
  • Request erasure of your data (“right to be forgotten”).
  • Restrict processing of your data.
  • Data portability.
  • Object to processing.

To exercise these rights, contact us at [email protected].

7. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encrypted storage, and access controls. However, no method of transmission over the Internet is 100% secure.

8. Cookies

We use essential cookies for authentication (JWT tokens stored as HTTP-only cookies). We do not use tracking cookies or third-party analytics cookies without your consent. You can control cookie settings in your browser.

9. Contact

If you have questions about this Privacy Policy, contact us at:
Email: [email protected]
Address: Norwich, Norfolk, UK