Last Updated: April 20, 2026

Privacy Policy for Spoof Checker

At Spoof Checker, accessible from spoofchecker.com, one of our main priorities is the privacy of our visitors. This Privacy Policy describes the types of information we collect, how we use it, and with whom we share it.

If you have questions about this Privacy Policy, please contact us at sales@spoofchecker.com.

This Privacy Policy applies only to our online activities and is valid for visitors to our website with regard to information they share with or that is collected by Spoof Checker. It does not apply to information collected offline or through channels other than this website.

Consent

By using our website, you consent to this Privacy Policy and agree to its terms.

Information We Collect

We collect the following categories of personal information:

  • Account information: When you register for an account, we collect your name, company name, email address, and optionally your phone number.
  • Domains submitted for monitoring: The domain names you submit to our service are stored and used to perform security scans on your behalf.
  • Contact submissions: If you contact us directly, we may receive your name, email address, phone number, message content, and any attachments you choose to provide.
  • Billing information: If you purchase a subscription, billing and payment details are collected and processed by our payment processor (PayPal). We do not store full payment card numbers on our servers.
  • Email preferences and alert settings: Your notification preferences and, if you choose to enable it, your Slack webhook URL for receiving alerts.
  • Log data: Our servers automatically record information including IP addresses, browser type, Internet Service Provider (ISP), date and time stamps, referring and exit pages, and click counts. This information is not linked to personally identifiable information and is used for analytics and security purposes.

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Spoof Checker service, including running automated domain security scans
  • Send you email alerts when changes are detected in your domain’s SPF, DKIM, or DMARC configuration
  • Send transactional communications, including account notices and service updates
  • Process payments and manage your subscription
  • Improve, personalize, and expand our service
  • Analyze how users interact with our website and service
  • Detect and prevent fraud and abuse
  • Respond to customer support inquiries

Log Files

Spoof Checker follows standard industry practice of maintaining server log files. These logs record IP addresses, browser type, ISP, date and time stamps, referring and exit pages, and number of clicks. This data is used to analyze trends, administer the site, track user movement on the website, and gather aggregate demographic information. Log data is not linked to personally identifiable information.

Third-Party Services

Spoof Checker uses the following third-party services, each of which has its own privacy policy governing how your data is handled:

  • Google Firebase: We use Firebase Realtime Database and Firebase Storage (Google) to store user account data, domain monitoring configurations, and scan results.
  • Amazon Web Services (AWS SES): We use AWS Simple Email Service to deliver transactional alert emails to you.
  • PayPal: Subscription payments are processed through PayPal via the Paid Memberships Pro plugin. PayPal handles billing information directly; please review PayPal’s privacy policy for details.
  • VirusTotal: When enabled, domain reputation data may be retrieved from VirusTotal to enrich security scan results. Only domain names (not personal data) are sent to VirusTotal.
  • ipinfo.io: IP addresses associated with scanned domains may be sent to ipinfo.io for geolocation enrichment. Only IP addresses are transmitted, not personal data.
  • Slack: If you configure a Slack webhook URL in your account settings, Spoof Checker will send security alert notifications to that URL on your behalf. You control this integration and may remove it at any time.
  • WHOIS services: Domain registration data (such as registration date and registrar) is retrieved from public WHOIS records as part of our security analysis. No personal data is transmitted in these lookups.

We do not sell your personal data to third parties.

CCPA Privacy Rights (Do Not Sell My Personal Information)

Under the CCPA, California consumers have the right to:

  • Request that we disclose the categories and specific pieces of personal data we have collected about you.
  • Request that we delete personal data we have collected about you.
  • Request that we not sell your personal data.

We do not sell personal data. If you would like to exercise any of these rights, please contact us at sales@spoofchecker.com. We will respond within one month.

GDPR Data Protection Rights

If you are located in the European Economic Area, you are entitled to the following rights:

  • Right to access — You may request copies of your personal data.
  • Right to rectification — You may request that we correct inaccurate or incomplete information.
  • Right to erasure — You may request that we delete your personal data, under certain conditions.
  • Right to restrict processing — You may request that we restrict processing of your personal data, under certain conditions.
  • Right to object to processing — You may object to our processing of your personal data, under certain conditions.
  • Right to data portability — You may request that we transfer your data to another organization or directly to you, under certain conditions.

To exercise any of these rights, please contact us at sales@spoofchecker.com. We will respond within one month.