Effective date: 30-05-2022
Visitors to our website and users of our Services are covered by this policy. Please note that individuals under the age of 18 years old are not allowed to use our Services.
What do we collect
We collect your email address when creating your account. We may process anonymized IP addresses when they add substantial value to a report (like deduplicating reports and checking how widespread an error is). These anonymized IP addresses are needed so that users of our Services can properly debug the error reports we receive.
How do we use this information
Who has access to your Reporting Data
No one can access your data besides you and authorized URIports personnel for maintenance and support purposes.
We use an essential cookie to allow you to log in to our service. We do not track or build a profile of you.
This cookie will be placed in your browser when you log in:
|__Host-PHPSESSID||Cookie to identify your current session to the server so we know you have access to the application.|
Personal Data in received reports
Reporting API (web reports)
Browser generated reports that we receive may contain personal data when it is included in the website URI's. We discourage the inclusion of personal data in a URI from a security and privacy perspective.
Several report elements that we receive may contain personal data. We try to remove all personal data from the received reports and store reports only for a limited time, based on the data retention in the chosen subscription. The following report elements may contain personal data:
|IP addresses||these are removed and not stored by us unless it is an IP address of a server.|
|HTTP Referer||The "referring site" may be received as part of a report and may contain the data relating to an identified or identifiable individual.|
|Document URI||The structure of URI may relate to an identifiable person, like:
|Query Parameters||A query string may contain personal data in the key names or values, like
|URI fragments||A URI fragment may contain personal data, like:
DMARC Aggregate Reports
Aggregate reports are sent by mail receivers and do not contain Personal Data. IP addresses included in these reports are from sending mail servers that are not operated by individuals. In theory, users can run a personal mail server from their home IP address, although this scenario is unlikely.
DMARC Failure Reports
When an email fails DMARC validation, a failure report is sent that may contain the original email headers and body. Because these reports may contain Personal Data, we remove the message body and the Personal Data from the headers. It is possible to save the original body and headers by providing us with a PGP public key. Then, no one besides the key owner (you) can decrypt and view the data. Read more about privacy and DMARC failure reports in our blog.
Company and servers location
Our company and servers are located in the Netherlands (within the EU) and must comply with stringent privacy legislation. Furthermore, the servers are located in a highly secured data center to create the safest possible place for your Reporting Data.
Data Subject Rights
As a Processor, we will assist a Controller in helping them respond to any Data Subject rights requests. The following technical capabilities are available for a data subject to request:
- Access: Request individual reports that contain Personal Data. The reports do not contain structured Personal Data. We try to remove as much Personal Data as possible from received reports. Some Personal Data may still be available in the reports (see section "Personal Data in received reports") that can be accessed at the request of a data subject.
- Rectification: Not applicable
- Erasure: Reports are automatically erased after the retention period defined in the subscription.
- Restriction: Not applicable
- Portability: Not applicable
Third-party service services
We do not use any third-party services.
Data Collected as your Data Processor
We collects data on behalf of our customers in the context of providing our Services. The customer has complete control over all the data collection carried out as part of the Service. Read more in the Data Processing Agreement.
We uses a variety of security measures to maintain the safety of your Personal Data. All the data the Service sends to you and back are transmitted via Transport Layer Security (TLS) technology. Any provided payment information is at Paddle.