Legal terms and conditions for using the Vigil DMARC Platform
Last Updated: 24 May 2026
1. Definitions
In these Terms of Service (“Terms”), the following definitions apply unless the context indicates otherwise:
- “Vigil” or “the Platform” — the managed DMARC service provided and operated by The Vigilance Initiative Group (Pty) Ltd at vigil.solutions
- “Company”, “we”, “us”, or “our” — The Vigilance Initiative Group (Pty) Ltd, a company registered in the Republic of South Africa
- “Vigil Solutions” — a brand and service-line name owned and used by the Company for Vigil-related services. Vigil Solutions is not a separate legal entity, supplier, contracting party, invoicing party, responsible party, or independent commercial actor
- “Partner” — an MSP, WISP, ISP, hosting provider, IT consultancy, or other service provider organisation that has entered into a partner agreement with the Company
- “Customer” — an end organisation whose domains are managed by a Partner through the Platform
- “User” or “you” — any individual who accesses or uses the Platform, whether as a Partner user or Customer user
- “Service” — all features, functionality, and infrastructure provided through the Platform
- “Domain” — an internet domain name registered with the Platform for DMARC monitoring and management
2. Agreement to Terms
By accessing and using the Service, you agree to be bound by these Terms, which incorporate our data protection and privacy obligations. If you do not agree to these Terms, please do not use our Service.
These Terms constitute the entire agreement between you and The Vigilance Initiative Group (Pty) Ltd regarding your use of the Service, including our obligations under the Protection of Personal Information Act 4 of 2013 (“POPIA”). All contracting, invoicing, legal notices, and commercial acts relating to the Service are performed by the Company.
3. Service Description
Vigil is a managed DMARC platform for service providers. We configure, monitor, and manage DMARC compliance on behalf of our Partners and their Customers. The Service includes:
- DMARC policy configuration, monitoring, and compliance reporting
- Email authentication analysis (SPF, DKIM, DMARC)
- DNS record verification and configuration guidance
- Compliance scoring and actionable recommendations
- Domain protection through proper DMARC implementation
- Hosted DNS infrastructure with CNAME-based domain delegation
- SPF flattening to manage lookup limits at scale
- Whitelabel capability for MSPs and service providers
- Expert consultation on DMARC policy improvements and authentication issues
Vigil is not an email security platform, threat detection system, email filtering service, or email gateway. We do not intercept, block, or filter email messages in transit.
4. Partner Obligations
Access to the Vigil platform is provided via partner agreement and requires administrative approval:
- Partner access is granted following completion of a Vigil partner agreement
- Partners may create and manage Customer accounts within their allocated scope
- All registration requests are subject to administrative approval
- You must provide accurate and complete information during registration
- We reserve the right to reject any registration request at our discretion
- Approved users will receive an invitation to complete their account setup via email
- Account access may be suspended or terminated for violation of these Terms
- You are responsible for maintaining the confidentiality of your login credentials
- You must notify us immediately of any unauthorised use of your account
- Partners are responsible for ensuring that their Customer users comply with these Terms
5. Acceptable Use
You agree to use our Service only for legitimate business purposes and in compliance with:
- All applicable South African laws and regulations
- The Protection of Personal Information Act 4 of 2013 (POPIA)
- The Electronic Communications and Transactions Act 25 of 2002 (ECT Act)
- International email standards and best practices, including DMARC (RFC 9989, RFC 9990, RFC 9991), SPF (RFC 7208), and DKIM (RFC 6376)
You may not use our Service to:
- Engage in any unlawful or fraudulent activities
- Circumvent email authentication measures
- Generate spam or unsolicited communications
- Attempt to gain unauthorised access to any systems or data
- Reverse-engineer, decompile, or disassemble the Service
- Use the Service to assist in activities that violate the rights of others
6. Intellectual Property
The Vigil platform, including all software, designs, methodologies, reports, scoring algorithms, and documentation, remains the intellectual property of The Vigilance Initiative Group (Pty) Ltd. You are granted a limited, non-exclusive, non-transferable, revocable licence to use the Service for your legitimate business purposes for the duration of your active subscription.
You retain ownership of any data you submit to the Service, including your domain configurations and uploaded DMARC reports. We claim no intellectual property rights over your data.
7. Data Protection and POPIA Compliance
We are committed to protecting your personal information in full compliance with the Protection of Personal Information Act 4 of 2013 (POPIA). This section serves as our data protection notice and describes how we collect, use, store, and protect your personal information.
7.1 Information Officer
Our designated Information Officer, as required by section 55 of POPIA, can be contacted for any data protection queries, access requests, or complaints:
The Information Officer
Email: info-officer@vigil.solutions
Company: The Vigilance Initiative Group (Pty) Ltd
7.2 Lawful Basis for Processing
We process personal information on the following lawful grounds as defined in section 11 of POPIA:
- Consent — You consent to the processing of your personal information when you register for and use the Service
- Contractual obligation — Processing is necessary to fulfil our service agreement with you or your organisation
- Legitimate interest — Processing is necessary for the legitimate interests of operating, maintaining, and improving the Service, provided that such interests do not override your rights
- Legal obligation — Processing is necessary to comply with a legal obligation to which we are subject
7.3 Categories of Personal Information Collected
We collect and process the following categories of personal information:
- Account information — Name, email address, job title, and organisation name provided during registration
- Authentication data — Hashed passwords, session tokens, and login activity (timestamps, IP addresses, user agent strings)
- DMARC report data — Aggregate DMARC reports received from mail receivers, and DMARC failure reports (RUF) only where explicitly enabled. Aggregate reports may include source IP addresses, domain names, message counts, and authentication results. Failure reports can include message-level identifiers and are handled as privacy-sensitive diagnostics
- DNS configuration data — DMARC, SPF, and TLS-RPT records associated with your managed domains, plus DKIM selector and evidence data used for monitoring
- Usage data — Service interaction logs for maintaining and improving platform functionality
- Communication records — Correspondence with our support team
7.4 Purpose of Processing
Your personal information is processed solely for the following purposes:
- Providing, operating, and maintaining the Vigil DMARC Platform
- Authenticating your identity and managing your account access
- Analysing DMARC reports to monitor email authentication compliance
- Generating compliance reports and recommendations for your domains
- Communicating service updates, alerts, and support responses
- Ensuring the security and integrity of the Service
- Complying with legal and regulatory obligations
7.5 Data Subject Rights
Under POPIA, you have the following rights with respect to your personal information. To exercise any of these rights, contact our Information Officer at info-officer@vigil.solutions:
- Right of access (section 23) — You may request confirmation of whether we hold your personal information and request a copy of that information
- Right to correction (section 24) — You may request that we correct or update inaccurate, incomplete, or misleading personal information
- Right to deletion (section 24) — You may request that we delete your personal information where it is no longer necessary for the purpose for which it was collected
- Right to object (section 11(3)(a)) — You may object to the processing of your personal information on reasonable grounds
- Right to withdraw consent — Where processing is based on consent, you may withdraw that consent at any time, without affecting the lawfulness of processing prior to withdrawal
- Right to complain — You have the right to lodge a complaint with the Information Regulator (see section 7.9 below)
We will respond to all data subject requests within 30 days of receipt, as required by POPIA. We may request verification of your identity before processing any request.
7.6 Cross-Border Data Transfers
Your data may be transferred to and processed in jurisdictions outside the Republic of South Africa. We ensure that all cross-border transfers comply with section 72 of POPIA. Specifically:
- Database hosting — Our database infrastructure is hosted within the European Union (EU), which provides an adequate level of data protection under the EU General Data Protection Regulation (GDPR)
- Email delivery — Transactional emails (account notifications, reports) are sent via a reputable cloud-based email delivery service
In all cases, appropriate safeguards are in place, including contractual obligations on service providers to protect your personal information to a standard consistent with POPIA.
7.7 Data Breach Notification
In the event of a data breach that compromises the confidentiality, integrity, or availability of your personal information, we will:
- Notify the Information Regulator as soon as reasonably possible after becoming aware of the breach, as required by section 22 of POPIA
- Notify affected data subjects as soon as reasonably possible, providing details of the breach, the information affected, and measures taken
- Take immediate steps to mitigate any harm resulting from the breach
- Document the breach and our response for regulatory purposes
7.8 Data Retention
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:
- Account data — Retained for the duration of your active account and deleted within 90 days of account termination
- DMARC report data — Retained for the duration of the service agreement to enable historical trend analysis and compliance reporting
- Authentication logs — Retained for 12 months for security monitoring purposes
- Communication records — Retained for 24 months from date of last correspondence
Upon expiry of the retention period, personal information is securely deleted or anonymised in accordance with section 14 of POPIA.
7.9 Information Regulator
If you are not satisfied with our handling of your personal information, or if you believe we have violated your rights under POPIA, you have the right to lodge a complaint with the Information Regulator of South Africa:
Information Regulator (South Africa)
Email: complaints.IR@justice.gov.za
Website: inforegulator.org.za
8. Service Levels
We strive to maintain high service availability, but cannot guarantee uninterrupted access. Scheduled maintenance will be communicated in advance where reasonably possible. We are not liable for any downtime, service interruptions, or data unavailability resulting from circumstances beyond our reasonable control.
The Service provides technical analysis, compliance scoring, and recommendations based on automated analysis of DMARC data and DNS configurations. However:
- Recommendations are advisory in nature and do not constitute professional cybersecurity or legal advice
- All recommendations should be verified by qualified IT professionals before implementation
- We recommend consulting with cybersecurity experts before making changes to DNS records or email authentication configurations
- Email authentication configurations should be thoroughly tested in a controlled environment before production deployment
- We are not responsible for any adverse outcomes resulting from implementing recommendations without adequate testing
9. Third-Party Services
The Service relies on the following third-party providers to deliver its functionality. We ensure that all third-party providers maintain appropriate data protection standards:
- Cloud database provider — Database infrastructure and authentication services (hosted within the European Union)
- Cloud email delivery provider — Transactional email delivery for account notifications and reports
- DNS providers — Public DNS resolution services for domain verification and monitoring
We are not responsible for the privacy practices, content, or availability of third-party services. Your use of such services is subject to their respective terms and privacy policies.
10. Cookies and Tracking
The Service uses cookies for its operation and, with your consent, for analytics purposes.
Essential Cookies
These cookies are strictly necessary for the Service to function and cannot be disabled:
- Authentication cookies — HTTP-only session cookies to maintain your login state and refresh your authentication token securely
- Security cookies — Cookies used to protect against cross-site request forgery and other security measures
Analytics Cookies
With your consent, we use Google Analytics to understand how visitors use our website and to improve the Service. Analytics cookies collect:
- Page views and navigation patterns
- Device and browser type
- Approximate geographic location (country level)
Analytics cookies are only loaded after you give consent via the cookie banner. No analytics data is collected if you decline.
Your Choices
When you first visit our website, you will see a cookie consent banner where you can accept or decline analytics cookies. To change your preference at any time, clear your browser’s local storage for this site and refresh the page.
We do not use advertising cookies, third-party tracking pixels, or share personal information with advertisers or data brokers.
11. Limitation of Liability
To the maximum extent permitted by South African law, including the Consumer Protection Act 68 of 2008 where applicable:
- Our Service is provided “as is” and “as available” without warranties of any kind, whether express or implied
- We shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the Service
- Our total aggregate liability for any claims arising from or relating to the Service shall not exceed the total fees paid by you for the Service during the twelve (12) months immediately preceding the claim
- You assume full responsibility for implementing any security configurations or recommendations provided by the Service
- We do not warrant that the Service will be error-free, secure, or available at all times
12. Indemnification
You agree to indemnify, defend, and hold harmless The Vigilance Initiative Group (Pty) Ltd, its directors, officers, employees, and agents from and against any claims, liabilities, damages, losses, and expenses (including reasonable legal fees) arising out of or in any way connected with:
- Your access to or use of the Service
- Your violation of these Terms
- Your violation of any third-party right, including any intellectual property or privacy right
- Any damage caused by your implementation of recommendations provided by the Service without adequate testing or professional review
13. Termination
Either party may terminate this agreement by providing 30 days’ written notice. We may terminate or suspend your access immediately, without prior notice, if you breach these Terms. Upon termination:
- Your access to the Service will cease immediately
- You may request a copy of your data within 30 days of termination
- Your data will be securely deleted within 90 days of termination, in accordance with our data retention policy (section 7.8)
- Any outstanding obligations, including payment obligations, will survive termination
- Sections relating to limitation of liability, indemnification, intellectual property, and governing law shall survive termination
14. Force Majeure
Neither party shall be liable for any failure or delay in performing its obligations under these Terms where such failure or delay results from circumstances beyond the reasonable control of that party, including but not limited to: natural disasters, acts of government, power failures, internet outages, cyberattacks, pandemics, or civil unrest. The affected party shall notify the other party as soon as reasonably practicable and shall use reasonable efforts to mitigate the effects of the force majeure event.
15. Governing Law
These Terms are governed by and construed in accordance with the laws of the Republic of South Africa, including the Protection of Personal Information Act 4 of 2013, the Electronic Communications and Transactions Act 25 of 2002, and the Consumer Protection Act 68 of 2008 where applicable. Any disputes arising from or relating to these Terms shall be subject to the exclusive jurisdiction of the South African courts.
16. Changes to Terms
We reserve the right to modify these Terms at any time. Where changes materially affect your rights or obligations, we will provide at least 30 days’ notice via email or through the Service before the changes take effect. Continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Terms. If you do not agree with the changes, you should discontinue use of the Service before the effective date.
17. Contact Information
For questions about these Terms, our Service, or to exercise your data subject rights, please contact:
The Vigilance Initiative Group (Pty) Ltd
Website: vigil.solutions
General enquiries: partner@vigil.solutions
Information Officer: info-officer@vigil.solutions
Questions About These Terms?
If you have any questions about these Terms of Service or need clarification on any section, please get in touch. We are happy to help.