ValidEmailChecker

Data & Privacy Policy

Last updated May 19, 2026Privacy & policies

Effective date: January 2026

We understand the importance of protecting your personal data. As a platform that handles email addresses — many belonging to individuals around the world — we are committed to responsible data-handling practices. This document explains how we handle your data and what that means for you.

Our role in data processing

We act as a data processor when handling email lists you submit for verification. We process the email data you provide solely to carry out the service you requested — email validation. We do not use this data for any other purpose such as advertising, profiling, or analysis beyond what is necessary to complete the task.

You, as the user, are the data controller. Your uploaded content remains fully under your ownership and direction. We do not access the contents of your list for any other use, nor do we transfer that data to third parties for unrelated processing.

Legal basis for processing

Our basis for processing your email data stems from the explicit action you take when you upload a list for validation. This represents your consent and signals your request for us to perform a specific service. We also process some information as part of our contractual obligation to you — delivering results, managing your account, addressing support requests.

What data we collect

Information you provide

When you create an account and use our services, you provide us with:

  • Your email address for account identification and login purposes.
  • Your password for authentication. We store passwords as a secure bcrypt hash and cannot read them in plaintext.
  • Payment information, processed securely by our payment processors (Stripe, Paddle, or CoinPayments depending on the chosen method). We never store your full card details — payment processors handle those.
  • Optional profile fields (name, phone, address) — all opt-in.

When you use the verification service, you provide email lists for verification and receive verification results in return. This data is stored temporarily so you can access your results.

Information collected automatically

To maintain security and improve the service, we automatically collect certain information when you use the platform:

  • Your IP address — security, fraud prevention, abuse-rate-limiting.
  • Browser and device information — troubleshooting and session management.
  • Usage statistics — service improvement.

This automatically collected data is retained for 90 days for operational purposes, except for anonymized usage statistics that may be retained longer in aggregate form for capacity planning.

Data retention and deletion

The 15-day rule

Your uploaded email lists and verification results are automatically deleted from our system after 15 days. This is enforced by a scheduled cleanup function (gdpr-cleanup) — not a manual policy promise. The default retention is 15 days and is admin-configurable; the live setting is what governs your data.

This retention period gives you adequate time to download your results while minimizing what we hold. The dashboard shows the deletion deadline on the Uploads & Results page.

Manual deletion

You do not have to wait 15 days. You can delete any uploaded file and verification result from the dashboard at any time. Open Uploads & Results, click the trash icon on any row, confirm. Once deleted, the data cannot be recovered.

Account data

Information related to your account itself (email address, preferences, transaction history) is retained as long as you maintain an active account. If you delete your account, all associated data is permanently removed.

How we protect your data

Security measures

  • All data transferred between your browser and our servers is encrypted using TLS (HTTPS).
  • Data stored on our database is encrypted at rest by the underlying infrastructure (Supabase / AWS RDS-equivalent encryption).
  • Access to our production systems is strictly controlled — only authorized personnel can access infrastructure.
  • Single-active-session enforcement on user accounts: signing in on a new device terminates the previous session.
  • Two-factor authentication is available on every account (TOTP and email options).
  • API keys are stored as SHA-256 hashes — even our database administrators cannot read the plaintext keys.
  • Two-factor backup codes are stored encrypted (not in plaintext).

What we never do

  • We never sell your data to anyone, under any circumstances.
  • We never use your email lists for our own marketing.
  • We never share your uploaded lists with third parties for their own use.
  • We never profile you based on the content of your uploaded data.
  • We never train AI on customer email lists.
  • We never store your data longer than the 15-day retention window without your explicit action.

Third-party services

To deliver a smooth and reliable experience, we rely on carefully selected service providers. Each receives only the minimum data necessary to provide their specific service:

ProviderWhat it doesWhat it sees
SupabaseDatabase + auth platformAccount credentials, verification results, all data we store
StripeCard payment processingCard details for card transactions (we never see full card numbers)
PaddleMerchant-of-record for some regionsSubscription billing details for Paddle-processed transactions
CoinPaymentsCryptocurrency payment processingCrypto wallet/transaction details for crypto purchases
Reoon + EmailListVerifyUpstream verification enginesEmail addresses submitted for verification (one provider at a time)
Transactional email providerSending password resets, receipts, notificationsRecipient email + message content for the specific transactional message

All third-party providers are selected based on their security practices and commitment to data protection. We do not sell, trade, or rent your uploaded data to anyone.

Your rights and controls

You have control over your data:

  • Access — your profile information, uploaded files, and verification results are all visible in the dashboard.
  • Correct — update profile information in Account Settings at any time.
  • Delete — remove individual files from Uploads & Results, or delete your entire account from Account Settings → Profile → Delete Account.
  • Export — download verification results in CSV, XLSX, JSON, or TXT format.
  • Portability — request a structured export of all data on your account by emailing privacy@validemailchecker.com.

Data protection principles we follow

  • Purpose limitation — using data only for the verification service you requested.
  • Data minimization — collecting only what is necessary.
  • Storage limitation — automatically deleting verification data after 15 days.
  • Integrity and confidentiality — implementing appropriate security to protect data.
  • Accountability — maintaining records of processing activities and being able to demonstrate compliance.

Data Processing Agreements (DPAs)

For businesses that need formal documentation of our data-handling practices for their own compliance, we offer a Data Processing Agreement on request. Email privacy@validemailchecker.com to request a DPA.

Cookies and tracking

We use cookies for essential platform functionality:

  • Essential cookies — login, session management, security. Required for the service to function.
  • Functional cookies — remember your preferences (selected verification mode, dashboard layout).
  • Analytics cookies — help us understand how the service is used so we can improve it.

Manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using the service.

Changes to this policy

We may update this privacy policy periodically to reflect changes in our practices or legal requirements. Changes are posted on this page with an updated revision date. For significant changes, we notify you via email. We encourage you to review this policy periodically.

Contact

  • Privacy questions / data rights: privacy@validemailchecker.com
  • General support: support@validemailchecker.com
  • Response time: within 48 hours

Related policies

Acceptable use policyRefund policyHow we protect your data (long-form)Do you store the emails I verify?

Related questions

Acceptable Use Policy
Refund Policy
Do you store the emails I verify?
How we protect your data
Back to all FAQs

Still stuck? Email support