Legal
Privacy Policy
Last updated: May 13, 2026
1. Data Controller
The data controller responsible for your personal data is:
SC. Sandner Mind Consulting SRL
com. Pischia, nr. 252P, jud. Timis, Romania
Trade Registry: J2011000900355
CUI: RO28365988
Email: valentin@mach10.pro
2. What Data We Collect
2.1 Website Analytics (Google Analytics 4)
- Data collected: Anonymized usage data including pages visited, time on page, device type, browser, approximate location (city level), and referral source
- Cookies set:
_ga(2-year expiry),_ga_*(2-year expiry),_gid(24-hour expiry) - Lawful basis: Consent (Article 6(1)(a) GDPR)
- Analytics cookies are only set after you accept them via our cookie consent banner. If you reject analytics cookies, Google Analytics operates in cookieless mode and does not store any identifiers on your device.
2.2 Email Health Check - DNS Scan
- Data collected: Domain name (your input) and IP address (from request headers)
- Purpose: The domain name is used to perform DNS lookups against publicly available DNS records. Your IP address is used solely for rate limiting (10 scans per hour per IP) to prevent abuse.
- Lawful basis: Legitimate interest (Article 6(1)(f) GDPR). Domain DNS records are publicly available data. IP address processing is necessary for abuse prevention.
- Retention: Rate limit data expires automatically after 2 hours.
2.3 Email Health Check - Deep Check (Optional)
- Data collected: Email address, email headers, and message metadata from the test email you send
- Purpose: To analyze email authentication headers (SPF, DKIM, DMARC) and provide a detailed deliverability report
- Lawful basis: Consent (Article 6(1)(a) GDPR). You voluntarily initiate this process by sending a test email to a provided address.
- Retention: Deep check metadata expires after 30 minutes. Full scan reports expire after 7 days. All expiry is automatic via Cloudflare KV TTL.
- Access: Reports are accessible via a unique token URL. Anyone with the link can view the report during the 7-day retention period.
2.4 Email Reports via Resend
- When you complete a deep check, scan results may be sent to you by email using the Resend API.
- Lawful basis: Consent (Article 6(1)(a) GDPR). You initiate the scan process.
- Your email address is used only to deliver your scan results and is not stored beyond the report retention period.
2.5 Cookie Consent Preference
- Your cookie consent choice is stored in a cookie named
cc_cookie. - This is a strictly necessary cookie and does not require consent.
- Expiration: 182 days.
3. Data Retention
| Data Type | Retention | Mechanism |
|---|---|---|
| Rate limit data | 2 hours | Cloudflare KV TTL |
| Deep check metadata | 30 minutes | Cloudflare KV TTL |
| Scan reports | 7 days | Cloudflare KV TTL |
| Google Analytics data | 14 months | GA4 default setting |
| Cookie consent preference | 182 days | Browser cookie |
All Cloudflare KV data is automatically and permanently deleted upon TTL expiry. We do not maintain backups of expired data.
4. Third-Party Data Processors
4.1 Google LLC (Google Analytics)
- Purpose: Website analytics
- Data processed: Anonymized usage statistics
- Privacy policy: policies.google.com/privacy
4.2 Cloudflare, Inc.
- Purpose: Website hosting, CDN, DNS resolution, and data storage (KV)
- Data processed: IP addresses (for routing and security), scan data stored in KV
- Privacy policy: cloudflare.com/privacypolicy
4.3 Resend, Inc.
- Purpose: Transactional email delivery (scan result reports)
- Data processed: Email addresses and email content (scan reports)
- Privacy policy: resend.com/legal/privacy-policy
5. International Data Transfers
- Google Analytics: Data may be transferred to the United States. Google participates in the EU-US Data Privacy Framework.
- Cloudflare: Data is processed on Cloudflare's global network, including servers in the EU and other regions. Cloudflare relies on Standard Contractual Clauses (SCCs) for transfers outside the EEA.
- Resend: Data may be processed in the United States. Transfers are governed by Standard Contractual Clauses (SCCs).
Appropriate safeguards are in place for all international transfers as required by Chapter V of the GDPR.
6. Your Rights Under GDPR
Under the General Data Protection Regulation, you have the following rights:
- Right of access (Article 15): Request a copy of your personal data
- Right to rectification (Article 16): Correct inaccurate personal data
- Right to erasure (Article 17): Request deletion of your personal data
- Right to restriction (Article 18): Restrict processing of your personal data
- Right to data portability (Article 20): Receive your data in a structured, machine-readable format
- Right to object (Article 21): Object to processing based on legitimate interest
- Right to withdraw consent: You may withdraw consent at any time by adjusting your cookie preferences via the link in the footer, or by contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal.
To exercise any of these rights, contact us at valentin@mach10.pro. We will respond within 30 days as required by GDPR.
7. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. The Romanian Data Protection Authority is:
Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucuresti, 010336, Romania
Website: dataprotection.ro
Email: anspdcp@dataprotection.ro
You may also lodge a complaint with the supervisory authority in your country of residence.
8. Children's Privacy
Our services are not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child, please contact us immediately at valentin@mach10.pro and we will delete it promptly.
9. Changes to This Policy
We may update this privacy policy from time to time. Changes are effective upon posting to this page. The "Last updated" date at the top reflects the most recent revision. For material changes that affect how we process your data, we will update the cookie consent banner to re-request your consent where required.
10. Contact
For any privacy-related questions or to exercise your data rights:
Email: valentin@mach10.pro
SC. Sandner Mind Consulting SRL
com. Pischia, nr. 252P, jud. Timis, Romania