dmarciq email trust
Start monitoring
Security & trust

Security practices built for regulated teams

Learn how we process data, keep it safe and respond to incidents. Our UK-based team is ready to answer questionnaires.

Trust portal

Download our security pack including ISO roadmap, penetration tests and sub-processor list.

Request access

Data processing

DMARC reports (RUA/RUF) stored in EU data centres with 35-day retention. Access restricted via SSO and MFA.

Retention & deletion

RUA data retained 18 months for analytics, raw XML available for download for 90 days. Full deletion within 30 days of contract end.

Encryption

Data encrypted in transit (TLS 1.2+) and at rest (AES-256). Customer secrets stored via AWS KMS with rotation every 90 days.

Sub-processors

Provider Service Location
Amazon Web Services Hosting & storage eu-west-2 (London)
Postmark Transactional email EU data region
Atlassian Ticketing & incident management EU

We update this list quarterly. Subscribe below for changes.

View status page

Incident response

Detection

24/7 monitoring with alerting into PagerDuty and on-call engineers. SLA to triage critical incidents in < 30 minutes.

Response

Documented runbooks, tabletop exercises quarterly, customer notification within 24 hours of confirmed incident.

Recovery

Encrypted backups replicated across regions with weekly restore testing.

Post-incident

Root cause analysis shared with customers, including mitigation steps and timeline.

FAQ

Where is data stored?
All data resides in EU data centres (AWS eu-west-2). Failover in eu-central-1.
Do you have penetration tests?
Yes, annual third-party tests with remediation tracked in Jira. Summary reports available under NDA.
How do I report a security issue?
Email security@dmarciq.com or use our responsible disclosure form.

Need a security questionnaire completed?

Send yours to trust@dmarciq.com and our compliance team will respond within two business days.