Privacy Policy
We collect the sender domain and structured metadata extracted from the email headers you choose to report: SPF/DKIM/DMARC results, the sending IP, and a hash of the raw headers for de-duplication.
We do NOT store raw email headers or any message body. Raw headers are parsed and immediately discarded.
Authentication is handled by Supabase using a magic link (Google sign-in is coming soon). We never see your email password.
We do not sell data or run third-party trackers.
You can permanently delete your account and everything tied to it at any time from your supporter portal. Deletion cascades immediately to your reports, votes, pledges, and claims — no support request needed.