Privacy Policy
1. Introduction
EmailProbe ("we", "us", "our") operates the email validation and intelligence platform at emailprobe.dev. We respect your privacy and are committed to protecting the data you share with us.
This Privacy Policy explains what data we collect, how we use it, how long we retain it, and your rights regarding that data. It applies to all users of our website, API, and related services.
2. Data We Collect
Account Data
- Email address (used for login, notifications, and support)
- Hashed password (PBKDF2 with 100,000 iterations, SHA-256 -- we never store plain-text passwords)
- Account creation date and plan information
API Request Data
- SHA-256 hash of submitted email addresses -- not the raw email addresses themselves
- Domain names extracted from submitted emails
- Detection results (score, verdict, individual check outcomes)
- Response times and processing metadata
Domain Intelligence
- Domain-level aggregate signals: total lookups, unique customer count, random local-part ratio
- This data is aggregated across all API usage and contains no individual email information
Pattern Data
- Email naming convention patterns per domain (e.g., "first.last", "wordNNN", "random string")
- These patterns are derived from structural analysis of email formats, not from actual names or personal information
Usage Data
- API call counts and timestamps
- Plan tier and billing status
- Feature usage statistics
Technical Data
- IP addresses (used for rate limiting only -- not stored long-term)
- Request metadata (HTTP method, endpoint, user agent)
3. What We DO NOT Collect or Store
We want to be explicit about data we do not collect or retain:
- Raw email addresses -- only SHA-256 hashes, retained for 30 days
- Names from email addresses -- only structural patterns like "word.word" or "wordNNN"
- Passwords in plain text -- only PBKDF2 hashes with 100K iterations
- Browsing history -- we do not track pages you visit outside our service
- Tracking cookies -- we use no third-party analytics or advertising cookies
- Third-party analytics -- no Google Analytics, Mixpanel, Segment, or similar services
4. How We Use Data
We use collected data for the following purposes:
- Provide the email validation service -- processing API requests, returning detection results, and maintaining service quality
- Improve detection accuracy -- aggregating domain-level signals across all customers to build crowdsourced intelligence that identifies new disposable and suspicious domains
- Extract email naming patterns -- performing structural analysis at the domain level to detect anomalous registration patterns (e.g., domains where 90% of emails are random strings)
- Monitor and prevent abuse -- detecting API misuse, enforcing rate limits, and protecting our infrastructure
- Send service-related communications -- account verification, security alerts, plan change notifications, and material policy updates
5. Data Retention
| Data Type | Retention Period | Notes |
|---|---|---|
| API request logs (email hashes) | 30 days | Automatically deleted after 30 days |
| Pattern samples | 30 days | Structural patterns only, then deleted |
| Domain-level aggregates | Permanent | Contains no individual or personal data |
| Account data | Until account deletion | Deleted within 30 days of account closure |
| IP addresses (rate limiting) | Ephemeral | In-memory only, not persisted to disk |
6. Data Sharing
We do not sell your data. We do not share personal data with third parties for their marketing purposes. Data is shared only as follows:
Infrastructure: Cloudflare
Our service is hosted on Cloudflare's global edge network. Cloudflare processes requests as part of providing hosting, CDN, and DNS services. See Cloudflare's Privacy Policy.
Payments: Dodo Payments
When billing is active, payment processing is handled by Dodo Payments. They receive only the data necessary to process transactions (email, plan information). We do not store credit card numbers or payment credentials.
Law Enforcement
We may disclose data if required by law, subpoena, court order, or government request. We will notify affected users when legally permissible.
7. Your Rights
Under the General Data Protection Regulation (GDPR) and similar privacy laws, you have the following rights:
- Right to access -- request a copy of all personal data we hold about you
- Right to rectification -- request correction of inaccurate personal data
- Right to deletion -- request deletion of your account and all associated personal data
- Right to data portability -- receive your data in a structured, machine-readable format
- Right to object -- object to processing of your personal data for specific purposes
- Right to opt-out of crowdsourced intelligence -- request that your API query patterns not be used to improve detection for other customers
To exercise any of these rights, contact us at support@emailprobe.dev. We will respond within 30 days.
8. Cookies
We use only essential cookies required for the service to function:
- Session token: An HttpOnly JWT cookie used for authentication when you are logged in to the dashboard. This cookie is strictly necessary and cannot be used for tracking.
We do not use:
- Tracking cookies
- Analytics cookies
- Third-party cookies
- Advertising or retargeting cookies
Because we only use essential cookies, no cookie consent banner is required. However, we believe in transparency, which is why we disclose this here.
9. Security
We take the security of your data seriously. Our security measures include:
- Encryption in transit: All data is transmitted over HTTPS with TLS encryption
- Password hashing: Passwords are hashed using PBKDF2 with 100,000 iterations and SHA-256
- API key hashing: API keys are hashed with SHA-256 before storage -- we cannot recover lost keys
- Email hashing: Email addresses submitted via API are hashed with SHA-256 before any logging or storage
- Edge infrastructure: Our service runs on Cloudflare's global edge network with built-in DDoS protection
- Minimal data retention: We retain only what is necessary and automatically purge time-limited data
If you discover a security vulnerability, please report it to support@emailprobe.dev. We appreciate responsible disclosure.
10. Children's Privacy
EmailProbe is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a minor, we will delete that data promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes:
- The "Last updated" date at the top of this page will be revised
- For material changes, we will notify registered users via email at least 14 days before the changes take effect
- The previous version of the policy will be archived and available upon request
12. Contact
If you have questions about this Privacy Policy or how we handle your data, contact us at: