This Privacy Notice describes how DuoCircle LLC (“DuoCircle,” “we,” “us”) collects, uses, and shares personal data when you visit our websites, evaluate our products, become a customer, or are a recipient or sender of email handled by our services. It applies to duocircle.com and to every product domain in our portfolio, including phishprotection.com, autospf.com, dmarcreport.com, outboundsmtp.com, mailflowmonitoring.com, tenantmigration.com, alumniforwarding.com, nureply.com, and inboxissue.com.
Two roles, two scopes
DuoCircle operates in two privacy roles, and which one applies determines which document governs.
- Controller, for our own websites and customers. When you visit our marketing sites, sign up for an account, request a demo, contact support, or read our blog, we are the controller of any personal data you provide. This Privacy Notice applies.
- Processor, for email handled on behalf of customers. When email is processed by one of our services because a DuoCircle customer is using us to filter, authenticate, deliver, route, or report on their mail, the customer is the controller of that personal data and we are the processor. The Data Protection Addendum governs that relationship. If you are an end user wondering why a particular DuoCircle product handled your email, contact the organization that operates the affected mailbox or sending domain.
What we collect, when we are the controller
We collect three categories of data on our marketing sites, sales process, and customer relationship.
| Category | What is included | Why we collect it |
|---|---|---|
| Account and contact data | Name, business email, company, role, billing details | To create and manage your account, communicate about your service, and bill correctly |
| Usage and device data | Pages viewed, referrer, browser, operating system, IP address, session timing | To operate, secure, and improve the websites and customer portal |
| Sales and support data | Messages you send to support, sales, or chat; call recordings where law and consent allow | To answer your questions, resolve issues, and improve our service |
| Marketing data | Email open and click tracking, event registrations, ad interactions | To measure marketing performance and respect your communication preferences |
We do not knowingly collect personal data from anyone under sixteen. If you believe a child has provided us personal data, contact legal@duocircle.com and we will delete it.
How we use your data
We use the data to:
- Provide, maintain, secure, and improve our products and websites
- Authenticate your access, prevent fraud, and meet our security obligations
- Process payments and handle billing matters
- Respond to your requests, support tickets, and questions
- Send you product updates, security advisories, and other transactional messages you cannot opt out of without ending your account relationship
- Send marketing emails that you can unsubscribe from at any time using the link in every marketing message
- Comply with applicable law, tax obligations, and lawful requests, as described in our Legal Request Response Policy
How we share your data
We do not sell personal data. We share it only as set out below.
- Subprocessors. Vendors that operate parts of our infrastructure, including hosting, authentication, payments, customer support, and analytics. The current list is at /legal/subprocessors/.
- Within the DuoCircle portfolio. Across our affiliated brands, where doing so is needed to operate the service you signed up for.
- Compelled disclosures. Where required by valid legal process, after the review described in our Legal Request Response Policy.
- Corporate transactions. In connection with a merger, acquisition, financing, or sale of all or substantially all of our assets, in which case we will give notice of any material change in privacy practice.
Cookies, analytics, and ad tech
The cookie classes we use and your control over them are documented at /legal/cookies/. Our consent banner implements Google Consent Mode v2; choices made there are honored across our sites. You can change them at any time by clicking “Cookie Preferences” in the footer.
Your rights
Depending on where you live, you have some or all of the following rights, and we honor them regardless of where you live to the extent feasible.
- Request access to the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data, subject to retention obligations under law and our agreements with you
- Request a portable copy of your data
- Object to or restrict certain processing
- Withdraw consent for processing that relies on consent
- Lodge a complaint with a supervisory authority. In the EU, that is your local data protection authority. In the United States, the appropriate state attorney general.
To exercise any right, email privacy@duocircle.com. We respond within thirty days unless local law requires faster, in which case we follow the local timeline. We may need to verify your identity before acting on a request.
Your California Privacy Rights
This section is for California residents. It supplements the rights described above and is provided to comply with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (together, “CCPA/CPRA”). Capitalized terms in this section have the meaning given in the CCPA/CPRA.
Categories of Personal Information collected
Over the past twelve months, DuoCircle has collected the categories of Personal Information described in the table below. The same categories continue to be collected on the same basis going forward.
| Category | Examples | Source | Purpose | Retained |
|---|---|---|---|---|
| Identifiers | Name, business email, IP address, account ID | You, our cookies, your browser | Operate accounts, authenticate, communicate | Account life plus legal hold |
| Customer Records | Billing details, postal address, phone number | You, our payment processors | Process transactions, comply with tax law | Account life plus legal hold |
| Commercial information | Products purchased, usage data | Your activity with us | Provide and improve the service | Up to twenty-six months in raw form |
| Internet or network activity | Pages visited, referrer, session timing | Our cookies, our logs | Operate, secure, and improve the websites | Up to twenty-six months |
| Geolocation (coarse, IP-based only) | City-level location inferred from IP | Our logs | Fraud prevention, regional content | Up to twenty-six months |
| Inferences | Engagement segments, lifecycle stage | Derived from above | Marketing, retention | Up to twenty-six months |
| Professional information | Job title, employer | You, on forms you submit | Sales qualification, customer onboarding | Account life |
We do not collect Sensitive Personal Information beyond account credentials, which we hold solely to provide the service you signed up for. We do not collect Social Security numbers, government IDs, precise geolocation, racial or ethnic origin, religious beliefs, union membership, genetic data, biometric identifiers, health data, sexual orientation, or contents of mail and messages other than as required to deliver the email-handling services described in the Cloud Terms.
Your rights
As a California resident you have the right to:
- Know what Personal Information we have collected about you, the categories of sources, the purposes for collecting it, and the categories of third parties to whom we disclose it
- Access a portable copy of the Personal Information we hold about you
- Correct inaccurate Personal Information
- Delete Personal Information we have collected from you, subject to legal exceptions
- Opt out of the Sale or Sharing of Personal Information
- Limit the use and disclosure of Sensitive Personal Information to what is necessary to provide the service
- Non-discrimination in the prices, services, or quality you receive when you exercise any of these rights
Sale and Sharing
DuoCircle does not Sell Personal Information for monetary consideration. DuoCircle does not Share Personal Information for cross-context behavioral advertising in the meaning of the CPRA. We do not need a “Do Not Sell or Share My Personal Information” link, but we provide one in the cookie banner anyway as a courtesy.
How to exercise your California rights
Email privacy@duocircle.com with the subject line “California Rights Request” and the right you wish to exercise. We will verify your identity by matching the email to an account on file or by asking for additional information sufficient to confirm you are the person whose data is requested. We will not share verification information with any third party.
You may designate an authorized agent to make a request on your behalf by providing written authorization and verification of the agent’s identity, or by providing the agent with a power of attorney executed under California Probate Code sections 4000 to 4465.
We respond within forty-five days. We may extend the response window once by up to forty-five additional days where reasonably necessary, with notice to you.
Notice of financial incentives
DuoCircle does not currently offer financial incentives or price-or-service differences in exchange for Personal Information. If we ever do, this section will be updated and the program will be described before it begins.
Data location and transfers
We host the cloud services in data centers located in the United States, Canada, the European Union, the United Kingdom, India, and Australia, depending on the product and the region. When personal data moves out of the EEA, the United Kingdom, or Switzerland to a country that has not received an adequacy decision, we use the EU Standard Contractual Clauses with the UK Addendum or Swiss amendments where applicable, as set out in the Data Protection Addendum.
Retention
We keep account data for as long as you have an active account, plus the period required to meet our legal, tax, and audit obligations. Marketing tracking data is retained for up to twenty-six months. Support tickets are retained for up to seven years. Specific retention periods for personal data we process on behalf of customers are set by the customer and described in the DPA.
Security
We implement encryption in transit and at rest, multi-factor authentication, role-based access controls, vulnerability and dependency management, central logging with alerting, vendor security review, and annual independent SOC 2 Type II audit. The current security statement is at /legal/security/.
Changes to this notice
We update this notice when our practices change or when law requires it. Material changes are announced by email to the contact on each affected account at least thirty days in advance and posted here with an updated revision date.
Contact
| Why | Where |
|---|---|
| General privacy questions | privacy@duocircle.com |
| Data subject access, correction, deletion, or portability requests | privacy@duocircle.com |
| Legal process and law enforcement requests | See /legal/legal-requests/ |
| Mailing address | DuoCircle LLC, 5965 Village Way, Suite 105-234, San Diego, CA 92130, United States |
Earlier versions
Documents previously published as the DuoCircle Privacy Policy, the DuoCircle GDPR Privacy Policy, the DuoCircle Privacy Framework, and the DuoCircle Data Deletion Request page are superseded by this Privacy Notice together with the Data Protection Addendum and the Cookies notice.
Questions about this document?
DuoCircle LLC, 5965 Village Way, Suite 105-234, San Diego, CA 92130. Email legal@duocircle.com for legal inquiries, or support@duocircle.com for everything else.