PowerDMARC MCP Connector

Privacy Policy

Last updated: June 24, 2026

Overview

This Privacy policy explains how the PowerDMARC MCP connector (“the Connector”) handles data when you use it with AI assistants such as Claude, ChatGPT, Cursor, Microsoft Copilot and other supported integrations made available by PowerDMARC from time to time. It supplements the main PowerDMARC Privacy Policy at powerdmarc.com/privacy-policy/ and applies specifically to data accessed through the Connector.

What the Connector accesses

When you authorize the Connector, it acts on your behalf against your existing PowerDMARC account. Depending on which actions the AI assistant performs at your request, the Connector may access:

  • Domain information – domains registered in your PowerDMARC account, their configuration, and health status
  • Email authentication data – DMARC aggregate and forensic reports, SPF, DKIM, BIMI, and MTA-STS records and analytics for your domains
  • DNS and lookup data – public DNS records and WHOIS information for domains you query
  • Account activity – audit logs associated with your account
  • MSSP / organization data – for managed-service accounts, sub-account and member information you are authorized to manage

The Connector only accesses data that your PowerDMARC account permissions already allow. It cannot access anything you could not access directly. The Connector does not access account data or perform actions outside the permission granted by you or an authorized user.

Data we collect

When you use the Connector, PowerDMARC may process the following data:

  • Authentication Data: Your account email address, role and account permissions.
  • Authorization Data: OAuth authorization codes and access/refresh tokens, which are processed transiently to authenticate each request and are not stored
  • Data access through the Connector: The data used only to answer your request or perform the actions you authorize. 

How data is used

Data retrieved through the Connector is used solely to fulfill the request you make through your AI assistant – for example, summarizing a DMARC report or checking a domain’s authentication status. The Connector does not use your data for advertising, profiling, or training AI models.

Authentication

The Connector authenticates to PowerDMARC using OAuth. Your AI assistant obtains an access token through this flow; PowerDMARC never receives your AI assistant login credentials, and the Connector never sees your PowerDMARC password. Tokens are forwarded to PowerDMARC’s API on each request and are not stored by the Connector. You can revoke the Connector’s access at any time from your PowerDMARC account or your AI assistant’s connector settings.

Data sharing and processing

When you use the Connector, your requests and the resulting data pass between your AI assistant provider (e.g. Anthropic or OpenAI) and PowerDMARC. Each party processes that data under its own privacy policy. PowerDMARC does not sell data accessed through the Connector or share it with third parties beyond what is necessary to operate the service.

Data retention

The Connector does not store authentication tokens or any request content. OAuth tokens are passed through to PowerDMARC’s API on each request and are not persisted by the Connector.

The Connector logs only operational metadata – the timestamp, route, and response status of each request – for reliability and security monitoring. These logs contain no domain data, report content, or request payloads, and are retained for a maximum of thirty (30)  days, after which they are automatically deleted.

Report and domain data remain in your PowerDMARC account and are governed by your account’s existing settings.

Security

PowerDMARC applies technical and organization measures designed to protect Connector data against unauthorized access, loss, misuse, alteration or disclosure. These measures include encryption in transit, role-based access controls, authentication and authorization controls, scoped access permissions, logging controls, vulnerability management and incident procedures.

Your rights and choices

You can disconnect the Connector at any time to immediately revoke its access. For questions about your data, corrections, or deletion requests, contact us using the details below. Your rights under applicable data protection laws are described in the main PowerDMARC Privacy Policy.

Contact

Email: [email protected]

Privacy policy: https://powerdmarc.com/privacy-policy/