DMARCER runs on its own servers across several regions around the world. Where your data is handled depends on the region you pick for each domain. This article explains what stays in your chosen region and what we look after centrally. For the full legal detail, please see our Privacy Policy.
Our regions
We currently have dedicated servers in seven regions: the United Kingdom, Ireland, the United States, Canada, South Africa, Singapore and Australia. When you add a domain, you choose the region it is monitored in. By default this is the region that matches your country, but you are free to change it.
What is handled in your region
When you choose a region for a domain, all the reporting data for that domain (your DMARC aggregate (RUA) reports, forensic (RUF) reports, and MTA-STS and TLS-RPT data) is processed and stored on our dedicated servers in that region. The reports we build from it stay in that region too, and are never copied or moved to another region.
What we look after centrally
Your account and login details, your organisation's information, and your billing are looked after by our central system, which is hosted in the United Kingdom and the EU. When you view your data in the DMARCER app, our central system fetches it from the right regional store on the spot and shows it to you through our UK and EU layer. The reporting data itself never leaves its region; the central system simply presents it to you.
International transfers and safeguards
Because viewing your data brings it through our UK and EU layer, some access may involve moving it outside your region. Where personal data is transferred outside the UK or EEA, we rely on proper safeguards such as UK adequacy regulations, the UK International Data Transfer Agreement, or EU Standard Contractual Clauses. Your data is protected with encryption while it travels, strict access controls, regional separation, and multi-factor authentication for our staff.
For the complete detail, please see sections 8 to 12 of our Privacy Policy.