Privacy policy

What we collect

Account details. Your email address, identity provider profile, workspace metadata, billing tier, domain inventory, and setup activity. Used to operate the service and show your workspace state in the portal.

Pilot applications. If you submit a pilot or interest form, we collect the fields in that form, which may include your name, work email, company, website, role, domain count, registrar mix, an optional free-text description, and how you heard about us. Used only to contact you about Authwright onboarding.

Registrar credentials.When you onboard, we store per-tenant API credentials for your registrars (GoDaddy, Namecheap, etc.) in Azure Key Vault, encrypted at rest, accessible only to Email EasyPass while it's running. Never logged, never shared.

DMARC aggregate reports. When a customer configures rua=mailto:rua-{tenantId}@rua.authwright.com, we parse those XML reports and expose them to your tools. We retain parsed summaries for 90 days; raw XML for 30.

Free checker. The /check tool queries DNS live. We do not store domains submitted via the free checker.

Subprocessors

• Microsoft Azure — Container Apps, Key Vault, Cosmos DB (data plane, US East)
• Resend — transactional email delivery for magic links, account notices, and pilot intake
• Vercel — marketing site hosting and analytics

Data Processing Addendum

Enterprise tier customers receive a signed DPA on request. Email founder@authwright.com.

Your rights (GDPR / CCPA)

Request access, correction, portability, or deletion of your data by emailing founder@authwright.com. We respond within 30 days.

Retention

• Pilot application data: 12 months from submission, then deleted.
• Account data: until you delete your account.
• DNS snapshots: 90 days.
• Audit logs: 1 year.