---
title: "Compliance & Trust | DMARC Report"
description: "DMARC Report is operated by DuoCircle LLC under our SOC 2 Type II program. Request the report, HECVAT, or our policy pack through the DuoCircle Trust Center."
image: "https://dmarcreport.com/images/og-default.png"
canonical: "https://dmarcreport.com/compliance/"
---

Compliance & Trust

#  DMARC Report runs on DuoCircle's compliance program.

 DMARC Report is built and operated by DuoCircle LLC. The DMARC Report service line is in scope for our SOC 2 Type II examination and has its own CSA STAR registry entry. All vendor-assessment documents are published in one place at the DuoCircle Trust Center.

### SOC 2 Type II

Annual examination since 2022 by Hancock Askew & Co, LLP. All four Trust Services Criteria: Security, Availability, Confidentiality, Processing Integrity. Report available under Bonterms Mutual NDA.

### CSA STAR Level 1

DMARC Report has its own entry in the Cloud Security Alliance public registry. CAIQ Lite, subset of CCM v4.1\. Renewed annually.

[View DMARC Report on CSA STAR →](https://cloudsecurityalliance.org/star/registry/duocircle/services/dmarc-report) 

### HECVAT Full

For colleges and universities, the Higher Education Community Vendor Assessment Toolkit, current version, available under NDA.

### Penetration testing

Annual third-party penetration test. Executive summary available under NDA.

## Need the SOC 2, HECVAT, or our policy pack?

Submit one request through the DuoCircle Trust Center. We use the standardized Bonterms Mutual NDA, published in advance so your legal team can review it before any conversation begins. We respond within one business day, and most often the same day.

[Request documents ](https://trust.duocircle.com/request/?source=dmarcreport) [Browse Trust Center](https://trust.duocircle.com/) 

## Public, no NDA

- [CSA STAR registry entry for DMARC Report](https://cloudsecurityalliance.org/star/registry/duocircle/services/dmarc-report)
- [Security Overview](https://trust.duocircle.com/security/), plain-English version of our control set.
- [Policy catalog](https://trust.duocircle.com/policies/), the titles and review cadence of every policy in our information security program.
- [Subprocessor list](https://www.duocircle.com/legal/subprocessors/), every third-party vendor that processes personal data on our behalf.
- [Bonterms Mutual NDA](https://www.duocircle.com/legal/mutual-nda/), published in advance so you can read it before you ask.

 DMARC Report runs on the standardized [Bonterms Cloud Terms](https://www.duocircle.com/legal/cloud-terms/). Self-serve plans run on Bonterms Online Cloud Terms, accepted at sign-up. Enterprise plans run on a counter-signed Cover Page. Same balanced framework either way, no surprise additions.

Reviewed 2026-05-06.

See also: [Privacy Policy](https://www.duocircle.com/legal/privacy/) · [Cloud Terms](https://www.duocircle.com/legal/cloud-terms/) · [DPA](https://www.duocircle.com/legal/dpa/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"WebPage","name":"Compliance & Trust | DMARC Report","description":"DMARC Report is operated by DuoCircle LLC under our SOC 2 Type II program. Request the report, HECVAT, or our policy pack through the DuoCircle Trust Center.","url":"https://dmarcreport.com/compliance/","isPartOf":{"@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com"},"about":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"mainEntity":{"@type":"ItemList","name":"DMARC Report compliance documents","itemListElement":[{"@type":"ListItem","position":1,"name":"SOC 2 Type II report (under NDA)"},{"@type":"ListItem","position":2,"name":"CSA STAR Level 1 (public)","url":"https://cloudsecurityalliance.org/star/registry/duocircle/services/dmarc-report"},{"@type":"ListItem","position":3,"name":"HECVAT Full (under NDA, higher education)"},{"@type":"ListItem","position":4,"name":"Information security policy pack (under NDA)"},{"@type":"ListItem","position":5,"name":"Penetration test executive summary (under NDA)"}]}}
```