Legal

Privacy Policy

Last updated: April 28, 2026
Short version: MXGuard is self-hosted. The emails you validate never touch our servers. We only collect what we need to sell you a license and provide support — your name, email, billing details, and basic usage of this website. We don't sell or share your data with anyone for marketing.
Contents
  1. Who we are
  2. What we collect
  3. How we use it
  4. Legal basis (GDPR)
  5. Processors we use
  6. How long we keep it
  7. International transfers
  8. Cookies & analytics
  9. Your rights
  10. Children
  11. Changes
  12. Contact

1. Who we are

This site and the MXGuard software are operated by mxguard.sh ("we", "us"). For the purposes of GDPR, we are the data controller of personal data you provide to us through this website, the checkout flow, and support channels.

Note: when you operate the MXGuard software on your own infrastructure to validate emails, you are the controller of that data — not us. We never see those emails. See Section 2 for details.

2. What we collect

From customers and prospects:

  • Identity & contact: name, email address, company name, billing country.
  • Billing data: handled by our payment processors. We see the order ID, total, country, and last-4 of the card — we do not see your full card number.
  • License data: your License Key, the issue date, and the email it was issued to.
  • Support correspondence: the content of emails you send us when asking for help.

From visitors to mxguard.sh:

  • Server logs: IP address, user-agent, and the pages you requested. Retained for 30 days for abuse detection and debugging.
  • Aggregated analytics: page views and basic geography — see cookies below.

What we do NOT collect:

  • The email addresses you validate using the MXGuard software running on your servers. The software runs entirely on your infrastructure; validation results never leave your network.
  • Your customer lists, CSV uploads, or any application data.
  • Anything from our customers' end users.

3. How we use it

  • Process your purchase, issue your License Key, and provide receipts.
  • Deliver software updates and security patches during your update window.
  • Respond to support requests and feature questions.
  • Send essential service emails (renewal reminders, security advisories, breaking-change notices).
  • Detect and prevent fraud, abuse, and chargebacks.
  • Comply with our legal and tax obligations.

We do not use your data for behavioral advertising. We do not sell your data. We do not share your data with marketing companies.

  • Contract — issuing your License Key and providing the service you paid for.
  • Legitimate interest — running and securing the website, preventing fraud, supporting customers.
  • Legal obligation — keeping accounting records, responding to lawful requests.
  • Consent — for any optional marketing emails (you can unsubscribe at any time).

5. Processors we use

We use a small, deliberate set of vendors to operate the business. Each is contractually bound by an appropriate Data Processing Agreement or equivalent terms.

  • Stripe, Inc. — card payment processing. stripe.com/privacy
  • BTCPay Server (self-hosted by us) — Bitcoin payment processing. No third-party visibility into transactions.
  • NOWPayments — alt-cryptocurrency payment processing. nowpayments.io/privacy-policy
  • Vercel Inc. — hosting for this website (mxguard.sh). vercel.com/legal/privacy-policy
  • Supabase Inc. — backend database and edge functions for the customer portal. supabase.com/privacy
  • Cloudflare Inc. — DNS, CDN, and DDoS protection.
  • Email provider — for sending receipts, license keys, and support replies. We'll keep this list current.

6. How long we keep it

  • License & customer records — for the lifetime of your license, plus 7 years afterwards for tax and accounting compliance.
  • Support emails — 3 years from the last reply.
  • Server logs — 30 days.
  • Marketing list (if you opt in) — until you unsubscribe.

7. International transfers

Some of our processors are located outside the UK/EEA (notably the United States). Where personal data is transferred internationally, we rely on the Standard Contractual Clauses approved by the European Commission and the UK ICO, plus any supplementary measures the processor commits to under its DPA.

8. Cookies & analytics

This site uses the minimum tracking necessary to run:

  • Strictly necessary — keeps your theme preference (dark/light) and remembers you've dismissed banners. No tracking.
  • Privacy-respecting analytics — anonymous page-view counts via Vercel Analytics (no cookies, no personal identifiers). You can use any standard browser blocker to opt out.

We do not use Google Analytics, Facebook Pixel, ad-targeting cookies, or session-replay tools.

9. Your rights

If you are in the UK, EEA, California, or another jurisdiction with privacy law, you have the right to:

  • Access the personal data we hold about you.
  • Rectify it if it is incorrect.
  • Erase it (subject to legal retention obligations).
  • Restrict or object to certain processing.
  • Port your data to another provider.
  • Withdraw consent at any time where consent is the legal basis.
  • Lodge a complaint with your local supervisory authority.

To exercise any of these rights, email support@mxguard.sh. We respond within 30 days.

10. Children

MXGuard is a B2B product. We do not knowingly collect personal data from anyone under 16. If we learn we have, we'll delete it immediately.

11. Changes

If we make material changes to this policy, we'll email active license holders and post a notice on this page at least 30 days before the change takes effect. Minor edits (typo fixes, clarifications) are made without notice but are reflected in the "Last updated" date at the top.

12. Contact

Privacy questions, data-subject requests, or general concerns:

For matters specifically related to card transactions handled by Stripe, see Stripe's privacy policy.