Privacy Policy

Last updated: January 31, 2026

Introduction

Explain My IT ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

By using our service, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address (required for authentication and service delivery)
  • Full name (required)
  • Password (encrypted and never stored in plain text)

Domain Information

When you request IT snapshots, we collect:

  • Domain names you submit for analysis
  • Publicly available DNS, SSL, and email security configuration data for those domains
  • Technical metadata about domain infrastructure (all obtained from public sources)

Payment Information

If you subscribe to a paid plan, we collect payment information through our payment processor, Stripe. We do not store your complete credit card information on our servers. Stripe stores your payment information in accordance with PCI-DSS standards.

We store:

  • Stripe customer ID (for billing management)
  • Subscription status and tier
  • Last 4 digits of card (for your reference)
  • Payment history and invoice records

Usage Information

We automatically collect certain information about your use of our service:

  • Report generation timestamps and domain queries
  • Login timestamps and authentication events
  • Feature usage patterns (anonymized)
  • Browser type, operating system, and device information
  • IP address (for security and fraud prevention)

On-Premise Network Scan Data

If you use our On-Premise plan, you install a small monitoring agent on a Windows computer in your office. This agent scans your local network and sends the results to our servers for analysis.

The network scan data we collect and store includes:

  • Internal IP addresses of devices detected on your network
  • MAC addresses (hardware identifiers) of network devices
  • Device hostnames and vendor information derived from MAC address prefixes
  • Open network ports and services detected on each device
  • Wi-Fi network names (SSIDs) visible from the scanned computer
  • Core host information from the computer running the agent (OS version, Windows Defender and firewall status, pending update count, shared folders, recent failed login counts)
  • Network gateway information (IP, MAC address, vendor)

What we do NOT collect: The agent does not read, transmit, or store file contents, passwords, user account data, email or calendar content, browsing history, keystrokes, screenshots, or any data from applications running on the monitored network.

Network scan data is used solely to generate your plain-English network reports. It is stored securely in our database and accessible only to your account. You can delete any scan report from your dashboard at any time, which permanently removes the underlying data.

Analytics Data

We use Umami Analytics, a privacy-friendly analytics service, to understand how visitors interact with our website. Umami:

  • Does not use cookies
  • Does not track users across websites
  • Anonymizes all visitor data
  • Does not collect personally identifiable information
  • Is GDPR, CCPA, and PECR compliant

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our service
  • Generate IT snapshot reports for your submitted domains
  • Process payments and manage subscriptions
  • Send service-related emails (welcome, subscription confirmations, monthly snapshots, payment issues)
  • Respond to your inquiries and provide customer support
  • Monitor and analyze usage patterns to improve our service
  • Detect, prevent, and address security issues or fraudulent activity
  • Comply with legal obligations and enforce our Terms of Service

We will never sell, rent, or share your personal information with third parties for their marketing purposes.

Data Storage and Security

Where Your Data is Stored

  • Account data: Stored in Supabase (PostgreSQL database) with encryption at rest and in transit
  • Authentication: Managed by Supabase Auth with industry-standard security
  • Payment data: Stored by Stripe (PCI-DSS Level 1 certified)
  • Email delivery: Managed by Brevo (complies with GDPR and data protection regulations)
  • Analytics: Umami Analytics (privacy-focused, no personal data stored)
  • Application hosting: Vercel (SOC 2 Type II certified)

Security Measures

We implement industry-standard security measures to protect your data:

  • All data transmission is encrypted using SSL/TLS
  • Passwords are hashed using bcrypt before storage
  • Database access is restricted and logged
  • Regular security audits and updates
  • Row-level security policies in our database
  • Automatic logout after inactivity

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Retention

We retain your information for as long as necessary to provide our services and as required by law:

  • Account data: Retained while your account is active and for 90 days after account deletion
  • Report data: Retained according to your plan (website snapshot history as shown in your account; paid subscribers, including legacy monthly website plans and On-Premise, may have longer or unlimited retention as described at signup)
  • Payment records: Retained for 7 years to comply with financial regulations
  • Email logs: Retained for 30 days for deliverability tracking

Data Sharing and Disclosure

We do not sell or rent your personal information. We may share your information only in the following circumstances:

Service Providers

We share data with trusted third-party service providers who help us operate our service:

  • Supabase: Database and authentication services
  • Vercel: Application hosting and deployment
  • Stripe: Payment processing
  • Brevo: Transactional email delivery
  • Umami: Privacy-friendly analytics
  • Anthropic (Claude AI): AI-powered report generation (only domain configuration data, no personal information)

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

Legal Requirements

We may disclose your information if required by law or if we believe it's necessary to:

  • Comply with legal process or government requests
  • Enforce our Terms of Service
  • Protect our rights, property, or safety, or that of our users or the public
  • Detect, prevent, or address fraud, security, or technical issues

Business Transfers

If Explain My IT is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

Your Rights and Choices

Access and Portability

You have the right to:

  • Access your personal information at any time through your account dashboard
  • Export your report data and account information
  • Request a copy of all data we hold about you

Correction and Deletion

You can:

  • Update your account information at any time in your account settings
  • Delete individual reports from your dashboard
  • Request full account deletion by contacting us at support@explainmyit.com

When you delete your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal or regulatory purposes.

Email Communications

You will receive:

  • Transactional emails (account confirmations, subscription updates, password resets) - these are necessary for service operation and cannot be opted out of while you have an account
  • Service updates (new features, important changes) - you can unsubscribe from these while maintaining your account

Subscription Management

You can:

  • Cancel your subscription at any time (access continues until the end of your billing period)
  • Manage payment methods through your dashboard
  • View billing history and download invoices

Cookies and Tracking

We use minimal cookies and tracking technologies:

  • Authentication cookies: Required to keep you logged in (session-only)
  • CSRF protection: Security tokens to protect against cross-site attacks
  • Analytics: Umami (cookieless, privacy-friendly analytics)

We do not use third-party advertising cookies or tracking pixels. We do not track you across other websites.

International Users and Data Transfers

Our service is operated from the United States. If you are accessing our service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

By using our service, you consent to the transfer of your information to countries outside of your country of residence, which may have different data protection rules.

GDPR Compliance (European Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

  • Right to access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate personal data
  • Right to erasure: Request deletion of your personal data
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a structured format
  • Right to object: Object to processing of your personal data
  • Right to withdraw consent: Withdraw consent for data processing at any time

To exercise these rights, contact us at support@explainmyit.com. We will respond within 30 days.

CCPA Compliance (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know: What personal information we collect and how we use it
  • Right to delete: Request deletion of your personal information
  • Right to opt-out: We do not sell personal information, so there is nothing to opt out of
  • Right to non-discrimination: We will not discriminate against you for exercising your rights

PIPEDA Compliance (Canadian Users)

We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). As a Canadian company (Marshall Digital Solutions LTD, Toronto, Ontario), we are committed to:

  • Accountability: We are responsible for personal information under our control
  • Identifying purposes: We clearly identify why we collect information before or at the time of collection
  • Consent: We obtain your consent for collection, use, or disclosure of personal information
  • Limiting collection: We only collect information necessary for identified purposes
  • Limiting use and disclosure: We only use or disclose information for the purposes identified
  • Accuracy: We keep personal information accurate, complete, and up-to-date
  • Safeguards: We protect personal information with appropriate security measures
  • Openness: We are transparent about our privacy practices
  • Individual access: You can access your personal information and challenge its accuracy
  • Challenging compliance: You can challenge our compliance with PIPEDA

If you have concerns about our privacy practices that we have not adequately addressed, you may file a complaint with the Office of the Privacy Commissioner of Canada.

Children's Privacy

Our service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from children under 18, we will take steps to delete that information.

Do Not Track Signals

We respect Do Not Track (DNT) signals. Our analytics provider (Umami) does not track users regardless of DNT settings, as it is privacy-focused by design and does not collect personally identifiable information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. We will notify you of any material changes by:

  • Posting the updated policy on this page with a new "Last Updated" date
  • Sending an email notification to your registered email address
  • Displaying a prominent notice in your dashboard

Your continued use of our service after changes are posted constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

Third-Party Links

Our service may contain links to third-party websites or services that are not owned or controlled by Explain My IT. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you within 72 hours of becoming aware of the breach, in compliance with applicable data protection laws. We will provide information about the nature of the breach, the data affected, and steps we are taking to address it.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Marshall Digital Solutions LTD
Operating as: Explain My IT
Location: Toronto, Ontario, Canada
Email: support@explainmyit.com
Privacy Requests: Please include "Privacy Request" in the subject line

We will respond to all legitimate requests within 30 days (or sooner as required by applicable law).

Dispute Resolution

If you have a complaint about our privacy practices that we have not adequately addressed, you may have the right to lodge a complaint with your local data protection authority.