Privacy Policy

Effective date: March 1, 2026

Introduction

HemanthVA Ventures LLC, doing business as Authex ("Authex," "we," "us," or "our") operates the authex.online website and the Authex email security platform (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect information when you use our Service.

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

This policy applies to all visitors, users, and customers of the Service, including those who use the free domain scanner, create accounts, or subscribe to paid plans.

Information We Collect

Account Information

When you create an account, we collect personal information that you voluntarily provide, including:

  • Full name
  • Email address
  • Company or organization name
  • Job title or role
  • Password (stored in hashed form)
  • Billing information (processed by our payment provider; we do not store full payment card details)

Domain Scan Data

When you use our domain scanner or monitoring features, we collect data related to the domains you scan, including:

  • Domain names submitted for scanning
  • DNS records retrieved, including DMARC, SPF, DKIM, MTA-STS, TLS-RPT, and BIMI records
  • Scan results, scores, and protocol status assessments
  • AI-generated insights and recommendations
  • Historical scan data for monitored domains

Usage Data

We automatically collect certain information when you interact with the Service, including:

  • Pages viewed and features used
  • Time spent on pages and interaction patterns
  • Referral sources and navigation paths
  • Search queries and filter selections within the platform

Technical Data

We collect technical information about your device and connection, including:

  • IP address
  • Browser type and version
  • Operating system and device type
  • Screen resolution and viewport size
  • Time zone and language preferences

Communication Data

When you communicate with us, we collect:

  • Support ticket content and correspondence
  • Emails exchanged with our team
  • Feedback and survey responses
  • Any information you choose to provide in communications

How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and maintain the Service: To operate the platform, perform domain scans, deliver reports, and provide email authentication monitoring and enforcement tools.
  • Improve and develop the platform: To understand how the Service is used, identify areas for improvement, develop new features, and optimize performance.
  • Security monitoring: To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities; to protect the rights, property, or safety of Authex, our users, or others.
  • Customer support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.
  • Compliance: To comply with applicable laws, regulations, and legal processes.
  • Analytics and research: To conduct aggregate analysis and research on email authentication adoption, security trends, and protocol deployment patterns.
  • Communications: To send you transactional emails (scan results, alerts, account updates), and, where permitted, promotional communications about new features or services.

DNS and Email Authentication Data

An essential part of our Service involves querying and analyzing publicly available DNS records. We want to be transparent about how this data is handled:

  • Public data: DNS records, including DMARC, SPF, DKIM, MTA-STS, TLS-RPT, and BIMI records, are published in the public Domain Name System. Querying these records is equivalent to performing a standard DNS lookup, which any person or service on the Internet can do.
  • Service operation: We query these records to provide our core service, which includes scanning domains, generating security scores, identifying misconfigurations, and providing actionable recommendations.
  • Storage of scan results: We store domain scan results in order to provide historical tracking, change detection, and progress monitoring over time. For authenticated users, scan history is associated with their account.
  • Aggregate and anonymized data: We may use aggregate and anonymized scan data for research purposes, such as publishing reports on email authentication adoption rates, protocol deployment trends, and common misconfigurations across the Internet. This data cannot be used to identify individual users.
  • No email content access: Authex never accesses, reads, stores, or processes the content of any email messages. Our Service operates exclusively at the DNS and protocol configuration level. We analyze authentication records and aggregate DMARC reports (which contain metadata about email delivery, not message content).

Data Sharing

We do not sell your personal information to third parties. We may share your information in the following limited circumstances:

  • Service providers: We share information with third-party vendors who assist us in operating the Service, such as cloud infrastructure providers, payment processors, analytics providers, and customer support tools. These providers are contractually obligated to use your data only to perform services on our behalf.
  • Legal requirements: We may disclose information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers: If Authex is involved in a merger, acquisition, financing, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your information becomes subject to a different privacy policy.
  • With your consent: We may share your information for any other purpose with your explicit consent.

Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it, including:

  • Encryption of data in transit using TLS 1.2 or higher
  • Encryption of sensitive data at rest using AES-256
  • Role-based access controls and the principle of least privilege
  • Regular security assessments and penetration testing
  • SOC 2 Type II-aligned security practices and controls
  • Incident response procedures with defined escalation paths
  • Employee security awareness training
  • Multi-factor authentication for internal systems

While we strive to use commercially acceptable means to protect your personal information, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specific retention periods include:

  • Account data: Retained for the duration of your account and for up to 30 days after account deletion to allow for recovery.
  • Scan results: Historical scan data is retained for up to 24 months for active accounts. Anonymized aggregate data may be retained indefinitely.
  • Usage and technical data: Retained for up to 12 months.
  • Communication records: Support correspondence is retained for up to 36 months.

You may request deletion of your data at any time by contacting us at privacy@authex.online. We will process deletion requests within 30 days, subject to legal retention obligations.

Your Rights

Depending on your location, you may have the following rights regarding your personal information:

General Rights

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Portability: Request a machine-readable copy of your data.
  • Opt-out: Opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or contacting us directly.

GDPR Rights (EEA Residents)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to:

  • Restrict the processing of your personal data
  • Object to processing based on legitimate interests
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with a supervisory authority

CCPA Rights (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to:

  • Know what personal information is collected and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of personal information (note: we do not sell personal information)
  • Non-discrimination for exercising your privacy rights

To exercise any of these rights, please contact us at privacy@authex.online. We will respond to your request within 30 days.

International Transfers

Authex is based in the United States. Your information may be transferred to and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

When we transfer personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Addendums with our sub-processors
  • Adequacy decisions where applicable

For more information about our data transfer practices, please refer to our Data Processing Addendum.

Cookies

We use cookies and similar tracking technologies to collect and track information about your activity on our Service. Cookies are small data files stored on your device that help us improve your experience, understand usage patterns, and deliver relevant content.

For detailed information about the types of cookies we use, their purposes, and how to manage your cookie preferences, please see our Cookie Policy.

Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information as soon as possible.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@authex.online so we can take appropriate action.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Post the updated policy on this page with a revised effective date
  • Notify you by email (for account holders) at least 30 days before material changes take effect
  • Display a prominent notice on the Service

Your continued use of the Service after changes become effective constitutes your acceptance of the revised Privacy Policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: privacy@authex.online
  • Mail: HemanthVA Ventures LLC, 131 Continental Drive, Suite 305, Newark, DE 19713, United States

We aim to respond to all inquiries within 30 business days.