Privacy Policy

EsReal Plugins and Extensions

Last updated: May 2026

1. Overview

EsReal ("we," "us," "our," or "Company") operates multiple security plugins and extensions including: EsReal Outlook Add-in, EsReal Gmail Add-on, and EsReal Browser Extension (collectively, the "Plugins"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Plugins.

2. Information We Collect

Our Plugins collect minimal information necessary to provide domain verification and security assessment:

Email Plugins (Outlook Add-in & Gmail Add-on)

• Email Sender Domain: Only the domain portion of the sender's email address (FROM field) is extracted.
• Domain Verification Data: Sender's domain is sent to our API for authenticity verification.
• NO Email Content: Email body, attachments, subject, or other message content is never accessed or stored.
• NO Personal Data: Names, addresses, phone numbers, or other identifiers are not extracted.

Browser Extension

• Website Domain: The domain name of websites you visit is analyzed for validation.
• Domain Verification: Domain is sent to our API for authenticity and trust assessment.
• NO Browsing Content: Website content, page text, forms, or user input is never accessed.
• NO Tracking: We do not track browsing history or monitor your web activity beyond domain validation.
• NO Form Data: Form submissions, passwords, or user-entered data are never captured.

All Plugins

• Usage Logs: API requests are logged for debugging, security, and service improvement (max 90 days retention).
• Configuration Data: Enterprise API keys and authentication tokens are stored securely.

3. How We Use Your Information

Collected information is used for:

• Verifying domain authenticity and trustworthiness
• Displaying security indicators and trust status
• Detecting phishing, spoofing, and fraudulent activity
• Assessing organizational domain approval (enterprise mode)
• Improving plugin functionality and security features
• Debugging technical issues and monitoring service health
• Complying with legal and security obligations

4. Data Sharing and Transfers

Domain verification data is shared with EsReal's backend infrastructure (esreal.org, anchor.esreal.org) to perform security analysis. We do not sell or share personal information except:

• With your organization's administrators (enterprise deployments)
• As required by law or legal process
• With service providers under strict confidentiality agreements
• To protect against fraud, security threats, or legal claims

5. Data Retention

Domain verification data is retained only as necessary to provide the service. Usage and debug logs are retained for a maximum of 90 days. Email addresses, website URLs, and personal identifiers are never stored permanently. Upon uninstallation of any Plugin, associated data is deleted.

6. Security Measures

We implement industry-standard security practices:

• End-to-end HTTPS encryption for all communications
• Secure API authentication (enterprise mode with API keys)
• No sensitive data in logs or error messages
• Regular security audits and threat monitoring
• Compliance with OWASP security standards

7. Your Privacy Rights

Under GDPR, CCPA, and similar privacy laws, you may have the right to:

• Access your personal data we hold
• Correct inaccurate information
• Request deletion of your data
• Object to data processing
• Request data portability
• Withdraw consent at any time

To exercise these rights: support@esreal.be

8. Plugin-Specific Details

Microsoft Outlook Add-in

Accesses only the FROM field of messages displayed in Outlook. Does not interact with Outlook calendar, contacts, archives, or other features.

Gmail Add-on

Accesses only the sender's email address from messages displayed in Gmail. Does not access Gmail labels, filters, drafts, or other Gmail features.

Browser Extension

Analyzes domain names from website URLs you visit. Does not access page content, form data, cookies, or browsing history. Works passively without interfering with website functionality.

9. Children's Privacy

The Plugins are intended for business and professional use only. We do not knowingly collect information from children under 13.

10. International Data Transfers

Your data may be transferred to and processed in Belgium and other EU countries. By using the Plugins, you consent to such transfers under GDPR and applicable laws.

11. Third-Party Services

The Plugins integrate with:

• Microsoft Outlook / Google Workspace (email platforms)
• Web browsers (Chrome, Edge, Firefox, Safari)
• EsReal verification infrastructure

These services have their own privacy policies. We are not responsible for their privacy practices.

12. Policy Updates

We may update this Privacy Policy periodically. Significant changes will be communicated via email or plugin notification. Continued use constitutes acceptance of changes.

13. Contact Information

For privacy questions or to exercise your rights:

• Email: support@esreal.be
• Website: https://esreal.be
• Organization: EsReal BV - BE 1034457092
• Legal: EsReal® – registered and managed by Ciram Consulting BV, used under licence by EsReal BV

---

This Privacy Policy covers all EsReal Plugins and is available in multiple languages. In case of translation conflicts, the English version is authoritative.