Data Processing Agreement
How to accept this DPA: This DPA is incorporated into our Terms of Service. If you (the "Customer") use EmailProbe to process personal data of identifiable individuals in connection with the European Economic Area, the United Kingdom, Switzerland, California, or any other jurisdiction with a comparable data-protection law, this DPA applies automatically. If your organisation requires a counter-signed copy on a separate document, email support@emailprobe.dev with the subject "DPA counter-signature" and we will send you a PDF.
1. Parties and Definitions
This Data Processing Agreement ("DPA") is entered into between the customer using EmailProbe (the "Customer", acting as data Controller) and EmailProbe (the "Processor"). It governs the processing of Personal Data by EmailProbe on behalf of the Customer.
The following terms have the meanings given in the GDPR (EU Regulation 2016/679) and equivalent laws:
- Personal Data -- any information relating to an identified or identifiable natural person.
- Processing -- any operation performed on Personal Data, including collection, storage, transmission, deletion, etc.
- Controller -- the party that determines the purposes and means of Processing.
- Processor -- the party that processes Personal Data on behalf of the Controller.
- Sub-processor -- a third party engaged by the Processor to process Personal Data on the Controller's behalf.
- Data Subject -- the individual to whom the Personal Data relates.
- SCCs -- the Standard Contractual Clauses approved by the European Commission for international data transfers.
2. Scope and Roles
For Personal Data processed by EmailProbe in the course of providing the Service to the Customer:
- The Customer is the Controller -- it determines what Personal Data to submit, why, and on what legal basis.
- EmailProbe is the Processor -- it processes that data only on the Customer's documented instructions, namely those given by using the Service in accordance with the Terms of Service.
For Personal Data EmailProbe collects independently (for example, customer account records, billing email, support correspondence), EmailProbe is the Controller and the Privacy Policy applies.
3. Subject Matter, Duration, Nature, and Purpose
| Subject matter | Detection of disposable, alias, or otherwise suspicious email addresses submitted to the EmailProbe API. |
|---|---|
| Duration | For the term of the Customer's account, plus any retention period specified in section 5. |
| Nature | Real-time validation, classification, and reporting against a curated blocklist and infrastructure-fingerprint database; aggregation of domain-level signals for service improvement. |
| Purpose | To enable the Customer to prevent fraudulent, fake, or low-quality signups on its own service. |
| Categories of Data Subjects | End users of the Customer's products and services whose email addresses the Customer chooses to submit to EmailProbe. |
| Categories of Personal Data | Email addresses (submitted by the Customer; EmailProbe hashes these with SHA-256 within milliseconds of receipt and discards the raw value); IP addresses (ephemeral, used for rate limiting); aggregated behavioural signals at the domain level. |
| Special-category data | None. The Service is not designed to process special-category data (Article 9 GDPR). The Customer must not submit such data. |
4. EmailProbe's Obligations as Processor
EmailProbe will:
- Process Personal Data only on the Customer's documented instructions, including instructions given by using the Service, unless required to do otherwise by law applicable to EmailProbe (and in that case, will notify the Customer where legally permitted).
- Ensure that personnel authorised to process Personal Data are bound by appropriate confidentiality obligations.
- Implement and maintain the technical and organisational measures described in Annex A to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.
- Engage sub-processors only on the terms set out in section 6 and only after notifying the Customer with the opportunity to object.
- Assist the Customer, taking into account the nature of the Processing, in fulfilling its obligation to respond to requests from Data Subjects exercising their rights under applicable law.
- Assist the Customer in ensuring compliance with security obligations, breach notification, data protection impact assessments, and prior consultation with supervisory authorities (Articles 32 to 36 GDPR), taking into account the nature of the Processing and the information available to EmailProbe.
- At the Customer's choice, delete or return all Personal Data after the end of the provision of the Service, and delete existing copies unless retention is required by law (see section 8).
- Make available to the Customer all information necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, as set out in section 10.
5. Customer's Obligations as Controller
The Customer:
- Has obtained and will maintain a valid legal basis for submitting each Data Subject's Personal Data to EmailProbe (typically the Customer's own legitimate interest in fraud prevention).
- Will not submit Personal Data that is not necessary for the purpose described in section 3.
- Will not submit special-category data, data concerning criminal convictions, or data of children under the applicable age of digital consent.
- Is responsible for the accuracy, quality, and legality of Personal Data submitted to the Service and the means by which it was acquired.
- Will respond to Data Subject requests directed to it; EmailProbe will assist in accordance with section 4.
6. Sub-processors
The Customer hereby provides a general written authorisation for EmailProbe to engage sub-processors. The current list of sub-processors is published at /sub-processors.html and includes (as of the effective date of this DPA) Cloudflare, Microsoft Clarity, Brevo (Sendinblue SAS), and Dodo Payments.
EmailProbe will:
- Impose, by way of a written agreement, the same data-protection obligations on each sub-processor as are imposed on EmailProbe under this DPA, in particular providing sufficient guarantees that the sub-processor will implement appropriate technical and organisational measures.
- Notify the Customer of any intended addition or replacement of sub-processors at least 14 days in advance (via update to the sub-processors page, plus email for annual and enterprise customers who have opted in), giving the Customer the opportunity to object on reasonable grounds related to data protection.
- Remain fully liable to the Customer for the performance of each sub-processor's obligations under this DPA.
7. International Transfers
EmailProbe and several of its sub-processors operate globally. Where Personal Data is transferred from the European Economic Area, the United Kingdom, or Switzerland to a country that the European Commission has not deemed to provide an adequate level of protection, the transfer is governed by:
- The Standard Contractual Clauses adopted by the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021 ("SCCs"), Module 2 (Controller to Processor) or Module 3 (Processor to Processor) as applicable, which are incorporated by reference into this DPA.
- The UK International Data Transfer Addendum to the EU SCCs (issued by the ICO under section 119A of the Data Protection Act 2018) for transfers from the UK.
- The Swiss Federal Data Protection and Information Commissioner's recognition of the SCCs for transfers from Switzerland.
For transfers between EmailProbe and its sub-processors, EmailProbe ensures that equivalent contractual safeguards are in place.
8. Data Retention and Deletion
- Raw email addresses are never persisted. They are SHA-256 hashed during request handling and discarded.
- Hashed email records are retained for 30 days for abuse detection and customer-facing usage logs, then automatically purged.
- Domain-level aggregates contain no individual data and are retained for the lifetime of the Service.
- Customer account data is retained for the lifetime of the account and deleted within 30 days of account closure, except where retention is required by law (typically billing records for 7 years).
- Backups follow a 30-day rolling retention; data deleted from the live system propagates to backups within that window.
On request, EmailProbe will provide written confirmation that deletion has occurred.
9. Personal Data Breach Notification
EmailProbe will notify the Customer without undue delay -- and in any case within 72 hours -- after becoming aware of a Personal Data breach affecting the Customer's data. The notification will include, to the extent known at the time:
- The nature of the breach, including the categories and approximate number of Data Subjects and records affected;
- The name and contact details of EmailProbe's data protection contact;
- The likely consequences of the breach; and
- The measures taken or proposed to address the breach and mitigate its possible adverse effects.
10. Audits
EmailProbe will make available to the Customer, on reasonable request, the most recent third-party audit reports, certifications, and security documentation it holds for the Service. For Customers on Scale and Enterprise plans, EmailProbe will respond to security questionnaires and, with reasonable notice and during business hours, allow on-site audits no more than once per calendar year, conducted in a manner that does not unreasonably interfere with EmailProbe's operations and subject to appropriate confidentiality protections.
11. Liability
The liability of each party under this DPA is subject to the limitations and exclusions of liability set out in the Terms of Service, except where applicable data-protection law expressly prohibits such limitation.
12. Term and Termination
This DPA takes effect when the Customer begins using the Service and remains in force for as long as EmailProbe processes Personal Data on the Customer's behalf. On termination, EmailProbe will delete or return Personal Data in accordance with section 8.
13. Governing Law and Jurisdiction
This DPA is governed by the law and subject to the jurisdiction set out in the Terms of Service. Where Personal Data of EU/UK/Swiss Data Subjects is concerned, the mandatory provisions of applicable data-protection law and the SCCs prevail over any conflicting provision of the Terms of Service.
14. Order of Precedence
If there is a conflict between this DPA and the Terms of Service, this DPA prevails for matters relating to Processing of Personal Data. If there is a conflict between this DPA and the SCCs, the SCCs prevail.
Annex A: Technical and Organisational Measures
Access control
- Two-factor authentication required for all production-system access.
- Role-based access to customer data; least-privilege principle.
- Production credentials rotated regularly and stored in encrypted secret managers (Cloudflare Workers secrets, never committed to version control).
- Access logs retained and reviewed for anomalies.
Encryption
- All data in transit encrypted with TLS 1.2 or higher.
- Data at rest in Cloudflare D1 is encrypted using Cloudflare's managed encryption.
- Passwords hashed with PBKDF2-SHA-256, 100,000 iterations.
- API keys hashed with SHA-256 before storage; raw keys are never retained.
- Email addresses submitted via the API are SHA-256 hashed before any logging or storage.
Infrastructure security
- Hosted on Cloudflare's global edge network with built-in DDoS protection.
- Rate limiting per API key and per IP using Cloudflare Durable Objects.
- Security headers enforced site-wide (HSTS, X-Frame-Options, X-Content-Type-Options, strict CORS).
- Admin routes are not publicly accessible and require additional authentication.
Resilience
- Cloudflare's global edge network provides automatic failover; the Service has no single point of failure within Cloudflare's infrastructure.
- Daily automated backups of D1 with 30-day retention.
- Disaster recovery procedures tested at least annually.
Personnel
- All personnel with access to production systems are bound by confidentiality obligations that survive termination of their engagement.
- Security and privacy awareness training provided on onboarding and refreshed periodically.
Vendor management
- All sub-processors are bound by written data-protection terms equivalent to those in this DPA.
- The sub-processor list is published at /sub-processors.html and reviewed annually.
Annex B: Roles and Contacts
| EmailProbe data-protection contact | support@emailprobe.dev (subject line: "DPA") |
|---|---|
| Customer contact | The email address associated with the Customer's EmailProbe account. |
| Notification mechanism | Email for material updates; updates to /sub-processors.html for sub-processor changes. |
Acceptance
By using EmailProbe to process Personal Data of identifiable individuals, the Customer accepts this DPA and incorporates it into the Terms of Service. If the Customer's organisation requires a counter-signed copy, contact support@emailprobe.dev.