ARC-Relay ("we", "us", "our") operates the email relay service at arc-relay.com. This policy explains what data we collect, how we use it, and your rights.
1. What We Collect
Account Information
- Email address — used for authentication, billing, and service communication
- Password hash — stored securely by Supabase Auth (we never see or store plaintext passwords)
- Billing data — subscription plan, Stripe customer ID, and payment status. Credit card details are stored by Stripe, never by us.
Domain Configuration
- Domain names you add for forwarding
- Email aliases and forwarding destinations you configure
- Sender block rules you create
- DNS verification tokens
- DKIM private keys (Pro+ plans) — RSA 2048-bit keypairs generated for per-domain DKIM signing, stored encrypted
API & Integration Data
- API keys — stored as SHA-256 hashes. We cannot recover the plaintext key after creation; only a prefix is retained for identification.
- API usage counts — we track the number of authenticated API requests per month to enforce plan quotas
- Webhook endpoint URLs (Business+ plans) — the HTTP(S) URLs you register to receive event callbacks
- Webhook delivery logs — HTTP status codes and timestamps for webhook deliveries, retained for debugging
- DNS monitoring configuration (Pro+ plans) — which domains you monitor and your alert email address
- DNS monitoring results — health scores and check results from automated DNS scans
Relay Metadata (Logs)
When an email is forwarded through ARC-Relay, we log:
- Sender email address (envelope from)
- Recipient email address (envelope to)
- Domain name
- Delivery status (delivered, rejected, or failed)
- Rejection reason (if applicable)
- SRS-rewritten sender address
- Relay processing latency
- Timestamp
What We Do NOT Collect
- Email subject lines — never logged or stored
- Email body content — never read, stored, or indexed
- Attachments — never stored or inspected
- Email headers beyond envelope data — not logged
2. How Email Processing Works
ARC-Relay is a pass-through relay. When an email arrives:
- The raw message is held in server memory (RAM) only
- ARC-Seal headers are computed and prepended
- The envelope sender is rewritten using SRS
- The message is forwarded to the destination mail server
- The in-memory buffer is released (garbage collected)
Email content is never written to disk, stored in a database, or retained in any form. The only data persisted is the relay metadata described above.
Public API (No Account Required)
The Email Health Score API (GET /api/tools/health/{domain}) is publicly accessible without authentication. When you or anyone queries this endpoint, we receive only the domain name. No personal data is collected, and results are not linked to any account. DNS lookups are performed server-side and cached temporarily.
3. Data Retention
- Account data (email, plan, domains, aliases, rules, API keys, webhooks, DKIM keys) — retained for the lifetime of your account
- Relay logs — automatically purged based on your plan: 7 days (Free), 30 days (Pro), 90 days (Business and Enterprise)
- DNS monitoring history — alert records retained for the lifetime of the monitor; deleted when you remove the monitor or your account
- API usage counters — reset on the 1st of each month; historical counts are not retained
- Postfix mail queue — messages are held temporarily during delivery (typically seconds) and removed after successful delivery or final failure
4. How We Use Your Data
- Email relay — to forward messages and enforce plan limits
- Relay logs — to power your Live Logs and Analytics dashboard
- Billing — to manage your subscription via Stripe
- Service communication — to notify you of account issues, DNS monitoring alerts, and weekly health digest emails (Pro+ plans). We do not send marketing email.
- Webhooks — to deliver real-time event notifications to endpoints you configure
- DNS monitoring — to check your domain's email authentication records on a schedule and alert you to changes
- API access control — to authenticate API requests and enforce usage quotas
We do not sell, share, or provide your data to third parties for advertising, profiling, or any purpose unrelated to operating the service.
5. Third-Party Services
- Supabase (database and authentication) — stores account data and relay logs. See the Supabase Privacy Policy.
- Stripe (payment processing) — processes payments and stores credit card data. See the Stripe Privacy Policy.
- Let's Encrypt (TLS certificates) — provides encryption certificates for secure connections
No analytics trackers, advertising pixels, or social media widgets are used on arc-relay.com.
6. Data Security
- All web traffic encrypted via HTTPS (TLS 1.2+)
- All SMTP traffic encrypted via STARTTLS
- Passwords hashed by Supabase Auth (bcrypt)
- Database access governed by Row-Level Security policies
- API keys hashed with SHA-256 before storage — plaintext keys are never retained
- DKIM private keys stored encrypted at rest
- API rate limiting to prevent abuse
- Webhook payloads signed with HMAC-SHA256 to prevent forgery
- Stripe webhook signatures verified cryptographically
7. Your Rights
You have the right to:
- Access your data — view it in the dashboard, or download a full export from Settings
- Export your data — the "Download My Data" button in Settings provides a structured JSON export of all account data, domains, aliases, rules, and relay logs
- Delete your account — the "Delete Account" button in Settings permanently and irreversibly removes all your data (account, domains, aliases, rules, logs, and auth credentials)
- Correct your data — update your email aliases, domains, and sender rules at any time through the dashboard
These rights apply regardless of your jurisdiction. We do not require you to cite a specific regulation to exercise them.
8. GDPR Compliance (EU Users)
- Legal basis: contract performance (we process data to provide the service you signed up for)
- Data portability: available via the JSON export in Settings
- Right to erasure: available via account deletion in Settings
- Data minimization: we collect only what is necessary to operate the relay (no content, no subjects, no tracking)
- Retention limits: relay logs automatically deleted after 90 days
9. CCPA Compliance (California Users)
- We do not sell personal information
- We do not share personal information for cross-context behavioral advertising
- You may request deletion of your data at any time via the Settings page
10. Children's Privacy
ARC-Relay is not directed at children under 13. We do not knowingly collect data from children. If we learn that a child under 13 has provided us with personal data, we will delete it promptly.
11. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated by updating the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance.
12. Contact
For privacy questions or data requests, contact us at:
support@arc-relay.com