Privacy Policy

ExchangeDefender Privacy Policy

ExchangeDefender (Own Web Now Corp) has security at the core of the product design and service delivery. Your privacy is very important to us and we implement layers of security to guard your data and access to it.

  • Do Not Sell - We do not sell access to any data stored on the ExchangeDefender systems.
  • Do Not Share - We do not share access to any data stored on the ExchangeDefender systems.
  • Do Not View - ExchangeDefender staff doesn't have unaudited or unrestricted view access to data stored on ExchangeDefender systems.

Data We Collect

ExchangeDefender stores data directly and indirectly (through proxy) about our clients and for our clients. Examples of client data we store directly:

  • Your name
  • Your company name
  • Your email address
  • Your passwords
  • Your physical address
  • Your credit card number, expiration date and billing zip code
  • Your display preferences and options

ExchangeDefender uses directly stored data to provide customer service, support, marketing and billing activities only.

ExchangeDefender stores data indirectly on your behalf on our systems either automatically or on demand. Examples of data we store indirectly:

  • Email (spam, hosted email, send/received messages)
  • Files and documents (offsite backup sets, email archiving)
  • Websites
  • Server images

ExchangeDefender does not directly access this data for any reason, including service audits. Any information collected with respect to indirectly stored data is for system management and accounting purposes only and does not in any way access the contents of the data.

Indirect Data Staff Access

ExchangeDefender may obtain access to indirectly stored data with clients' permission or permission of clients authorized manager or service provider. Access is restricted, logged and controlled at all times and in nearly all circumstances does not reveal users access credentials.

Indirect data access is only permitted from ExchangeDefender offices by staff for the support and troubleshooting purposes with clients' explicit permission. All actions, commands and activity is logged, time stamped and audited.

ExchangeDefender relies on ExchangeDefender Management Console to consolidate and delegate access to client data. At no time are credentials exposed or stored in plain text files or unencrypted network connections.

Data Compliance Laws

ExchangeDefender (Own Web Now Corp.) is a corporation based in United States of America and complies with the laws of United States of America.

ExchangeDefender operates worldwide with server infrastructure in multiple countries and data stored on infrastructure present in a specific country is subject to the local laws and regulations. ExchangeDefender complies with the local law of the land where data is stored. For example, data stored in United States is subject to United States law while data stored in Germany is subject to laws of European Union.

Service Specific Privacy & Data Retention

Microsoft Exchange

Data stored in Microsoft Exchange is automatically retained for 30 days after the mailbox is deleted.


Data stored in ExchangeDefender is purged within 7 days after the mailbox is deleted. Certain items such as authentication, rules and policies are deleted immediately while email statistics and transaction logs are purged automatically using a 7 day cycle.

Offsite Backups

Data stored on ExchangeDefender backup systems is purged within 24 hours. Historical data on replication servers is purged within 30 days.

Shockey Monkey

Data stored in Shockey Monkey is purged immediately. Unencrypted data (attachments, historical reports, flat files and documents) are purged immediately and system backups are removed within 30 days.


Changes to this Privacy Policy will be made available at