What the Connector accesses
When you authorize the Connector, it acts on your behalf against your existing PowerDMARC account. Depending on which actions the AI assistant performs at your request, the Connector may access:
- Domain information – domains registered in your PowerDMARC account, their configuration, and health status
- Email authentication data – DMARC aggregate and forensic reports, SPF, DKIM, BIMI, and MTA-STS records and analytics for your domains
- DNS and lookup data – public DNS records and WHOIS information for domains you query
- Account activity – audit logs associated with your account
- MSSP / organization data – for managed-service accounts, sub-account and member information you are authorized to manage
The Connector only accesses data that your PowerDMARC account permissions already allow. It cannot access anything you could not access directly. The Connector does not access account data or perform actions outside the permission granted by you or an authorized user.
Data we collect
When you use the Connector, PowerDMARC may process the following data:
- Authentication Data: Your account email address, role and account permissions.
- Authorization Data: OAuth authorization codes and access/refresh tokens, which are processed transiently to authenticate each request and are not stored
- Data access through the Connector: The data used only to answer your request or perform the actions you authorize.
How data is used
Data retrieved through the Connector is used solely to fulfill the request you make through your AI assistant – for example, summarizing a DMARC report or checking a domain’s authentication status. The Connector does not use your data for advertising, profiling, or training AI models.
Authentication
The Connector authenticates to PowerDMARC using OAuth. Your AI assistant obtains an access token through this flow; PowerDMARC never receives your AI assistant login credentials, and the Connector never sees your PowerDMARC password. Tokens are forwarded to PowerDMARC’s API on each request and are not stored by the Connector. You can revoke the Connector’s access at any time from your PowerDMARC account or your AI assistant’s connector settings.
Data sharing and processing
When you use the Connector, your requests and the resulting data pass between your AI assistant provider (e.g. Anthropic or OpenAI) and PowerDMARC. Each party processes that data under its own privacy policy. PowerDMARC does not sell data accessed through the Connector or share it with third parties beyond what is necessary to operate the service.
Data retention
The Connector does not store authentication tokens or any request content. OAuth tokens are passed through to PowerDMARC’s API on each request and are not persisted by the Connector.
The Connector logs only operational metadata – the timestamp, route, and response status of each request – for reliability and security monitoring. These logs contain no domain data, report content, or request payloads, and are retained for a maximum of thirty (30) days, after which they are automatically deleted.
Report and domain data remain in your PowerDMARC account and are governed by your account’s existing settings.
Security
PowerDMARC applies technical and organization measures designed to protect Connector data against unauthorized access, loss, misuse, alteration or disclosure. These measures include encryption in transit, role-based access controls, authentication and authorization controls, scoped access permissions, logging controls, vulnerability management and incident procedures.
Your rights and choices
You can disconnect the Connector at any time to immediately revoke its access. For questions about your data, corrections, or deletion requests, contact us using the details below. Your rights under applicable data protection laws are described in the main PowerDMARC Privacy Policy.
Email: [email protected]
Privacy policy: https://powerdmarc.com/privacy-policy/