How long does VEC keep login attempt logs?

Last updated May 20, 2026 | Privacy & policies

Login history at Valid Email Checker is kept for the lifetime of your account. We do not auto-expire individual login rows on a 15-day or 90-day schedule the way we do with verification data, because the purpose of the log is to give you a complete security timeline you can audit later. The tradeoff is well understood: a stale login from two years ago has no operational value, but a single forgotten login in March that you only notice in August might be the breadcrumb that catches a slow account compromise.

Why we keep it longer than verification data

Verification results lose their value within days of a run — you have already exported the addresses to your ESP or CRM, and holding them longer only enlarges privacy exposure. Login records are the opposite. They get more useful as more of them accumulate, because anomalies stand out against a longer baseline. If your normal pattern is "Chrome on Windows, in Berlin, twice a day," a single successful login from "Firefox on Linux, in Manila" four months back is interesting precisely because it sits alone in the timeline.

What you can do with the retained data

  • Open Account Settings, Security tab, and scroll through every login attempt on your account.
  • Filter to successful only, failed only, or by device.
  • Spot any login flagged "suspicious" by our automatic new-device detection (see "What data we store about login attempts").
  • Cross-reference with your own travel and device history to confirm the timeline is yours.

When the log gets purged

There are three events that remove login records: closing your account (everything tied to your user ID, including login history, is purged), filing a GDPR erasure request via support (we will wipe login history as part of the full account purge; see "How do I file a GDPR data subject request"), and an explicit support-driven cleanup for enterprise customers with a rolling-window policy. We do not delete individual login rows on customer request, because doing so would create a forgery vector — anyone who compromised an account could erase the trace.

Rolling-window option for enterprise contracts

Some enterprise customers have internal policies that cap security-log retention at 90 or 180 days, even if longer would be useful. We support a configurable rolling-window purge for these accounts. The implementation is the same kind of nightly cleanup job that handles verification data retention — it just runs against the login_history table and drops rows past your configured cutoff. Mention the requirement during onboarding and we will set the value on your tenant.
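The tradeoff between a long baseline and a rolling window can be seen on exported login rows. The sketch below is an added example, not VEC's own code: the record fields (`day`, `success`, `profile`), the thresholds, and the sample history are all constructed assumptions.

```python
from collections import Counter
from datetime import date, timedelta

HOME = ("Chrome", "Windows", "Berlin")      # the usual pattern (constructed)
OUTLIER = ("Firefox", "Linux", "Manila")    # the lone login (constructed)

def build_sample_history(today):
    """Constructed sample: two home logins a day for 240 days, plus one outlier."""
    rows = []
    for days_ago in range(240):
        day = today - timedelta(days=days_ago)
        rows.extend({"day": day, "success": True, "profile": HOME} for _ in range(2))
    # One successful login from an unfamiliar profile about four months back.
    rows.append({"day": today - timedelta(days=120), "success": True, "profile": OUTLIER})
    return rows

def lone_logins(rows, today, retention_days=None, max_count=1, min_baseline=30):
    """Return successful logins whose (browser, OS, city) profile is rare.

    retention_days=None models lifetime retention; an integer models a
    rolling-window purge that has already dropped older rows.
    """
    if retention_days is not None:
        cutoff = today - timedelta(days=retention_days)
        rows = [r for r in rows if r["day"] >= cutoff]
    ok = [r for r in rows if r["success"]]
    if len(ok) < min_baseline:
        return []  # too little history to call anything unusual
    counts = Counter(r["profile"] for r in ok)
    return [r for r in ok if counts[r["profile"]] <= max_count]

if __name__ == "__main__":
    today = date(2026, 5, 20)
    history = build_sample_history(today)
    for window in (None, 180, 90):
        hits = lone_logins(history, today, retention_days=window)
        label = "lifetime" if window is None else f"{window}-day window"
        print(label, [(r["day"].isoformat(), r["profile"]) for r in hits])
```

With lifetime retention or a 180-day window the Manila login is surfaced; with a 90-day window it has already been purged and nothing is reported.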

Export your login history before closing the account

If you want a personal record of your login timeline before closing the account, use the data export tool — it includes the full login history alongside your verification metadata.