Terms of Service

These Terms of Service (hereinafter "Terms") define the conditions of use of the Mail Guardian service (hereinafter "the Service"), accessible at mail-guardian.com and published by Capsens SAS (hereinafter "the Publisher"). Registration for the Service implies full and complete acceptance of these Terms. If you do not accept these conditions, you must not use the Service.

"Service": the Mail Guardian platform, including the landing page, web application, and all associated features (DNS diagnostics, domain monitoring, DMARC reports, alerts). "User": any natural or legal person registered with the Service. "Organization": an entity created by a User within the Service, grouping members and domains to monitor. "Domain": a domain name added by a User within an Organization to monitor its email security. "DMARC Report": email authentication data transmitted by email providers (Google, Microsoft, Yahoo, etc.) in accordance with the DMARC protocol (RFC 7489).

Access to the Service requires creating an account with a valid email address and password. Registration is confirmed by a 6-digit code sent by email, valid for 30 minutes. The User is responsible for maintaining the confidentiality of their credentials and for all activity carried out from their account. They agree to immediately inform the Publisher of any unauthorized use. The User may enable two-factor authentication (TOTP) to enhance account security. Backup codes are generated when this feature is activated. Each User can create or join multiple Organizations. Members are invited by email by an administrator and have 30 days to accept the invitation. Two roles exist: — Administrator: full management (domains, members, settings) — Member: data viewing and domain addition

Mail Guardian is an email security monitoring service that allows you to: — Configure DMARC protection for your domains via a step-by-step wizard — Receive and analyze DMARC reports sent by email providers — View email sending sources using your domains (legitimate or fraudulent) — Export compliance data in CSV format — Receive alerts when threats are detected (Pro plan) The DNS diagnostic available on the landing page is provided for informational purposes and does not constitute a comprehensive security audit.

The Service offers the following plans: Free Plan: — Unlimited domains (maximum 50 per organization) — Report retention: 1 day — Guided setup wizard — Compliance dashboard Pro Plan: — All Free plan features — Report retention: 2 years (730 days) — Real-time alerts (email and webhook) — New sender detection — Custom compliance thresholds — CSV export Pro plan pricing is displayed on the website and may be modified. Any changes will be notified to subscribers with 30 days' notice. Payment is managed through Stripe. Users can change plans at any time; the change takes effect immediately.

Each Organization can register up to 50 domains. Adding a domain requires a three-step verification: 1. Configure the DMARC record with the Mail Guardian reporting address 2. Ownership verification via a DNS TXT record containing a unique token 3. Receipt of the first DMARC report (automatic activation) DNS verification is limited to 5 attempts per hour per domain. Domains remaining in "pending" status for more than 7 days are automatically deleted. The User warrants that they are the legitimate owner or authorized administrator of the domains they register in the Service.

In the course of operating the Service, the Publisher collects and processes: — Account data: email address, encrypted password, language preference, TOTP secret (if 2FA enabled) — Organization data: name, member list and roles — Domain data: domain name, DMARC policy, verification tokens — DMARC reports: metadata (sender, dates), individual records (source IP, SPF/DKIM results, dispositions) Data is stored in a PostgreSQL database hosted on Amazon Web Services (AWS) in the Europe (Ireland) region. Attachments are stored on AWS S3. Data never leaves the European Union. Processing is carried out in accordance with the GDPR (EU Regulation 2016/679). The Publisher acts as data controller. Data is never shared with third parties for commercial purposes.

DMARC reports are retained according to the subscribed plan: — Free Plan: 1 day — Pro Plan: 730 days (2 years) When the retention period expires, reports and their records are permanently deleted. Upon account termination, all personal data and reports are deleted within 30 days, unless legally required to retain them. The User may request deletion of their data at any time by contacting the Publisher at contact@capsens.eu.

The User agrees to: — Provide accurate information during registration — Maintain the confidentiality of their credentials — Only register domains for which they are the owner or authorized administrator — Use the Service in accordance with its intended purpose and applicable laws — Not attempt to circumvent the Service's technical limitations (rate limiting, quotas) — Not use the Service to facilitate sending unsolicited (spam) or fraudulent emails

The following are strictly prohibited: — Using the Service to monitor domains for which the User is not the owner or authorized administrator — Any attempt at unauthorized access to the Service, servers, or databases — Sending falsified or manipulated DMARC reports — Using the DNS diagnostic for mass information gathering on third-party domains — Reselling or redistributing data obtained through the Service without authorization — Any action likely to compromise the security, integrity, or availability of the Service

Mail Guardian, its logo, interface, and all content are the exclusive property of Capsens SAS. DMARC reports remain the property of the User or their Organization. The User grants the Publisher a limited license to process DMARC reports solely for the purpose of providing the Service.

The Service is provided "as is". The Publisher endeavors to ensure the availability and reliability of the Service but does not guarantee uninterrupted or error-free operation. The Publisher shall not be held liable for: — Temporary service interruptions for maintenance or updates — Delays or absence of DMARC reports, which depend on third-party email providers — Decisions made by the User based on data provided by the Service — Indirect damages (loss of revenue, data loss, reputational harm) The Publisher's total liability is limited to the amounts paid by the User during the 12 months preceding the event giving rise to liability.

The User may terminate their account at any time from their profile settings. Termination results in the deletion of all data within 30 days. The Publisher reserves the right to suspend or terminate an account in case of violation of these Terms, with prior email notification except in cases of emergency (security breach, fraudulent activity). Upon termination of a Pro plan, access to Pro features is maintained until the end of the current billing period.

The Publisher reserves the right to modify these Terms at any time. Users will be informed of any substantial modifications by email at least 30 days before the new conditions take effect. Continued use of the Service after the new conditions take effect constitutes acceptance of the updated Terms.

These Terms are governed by French law. In the event of a dispute regarding the interpretation or execution of these Terms, the parties agree to seek an amicable solution. Failing amicable agreement within 30 days, the dispute shall be submitted to the competent courts of Paris. For any questions regarding these Terms: contact@capsens.eu