1.1 Account Information

When you register, we collect your email address, username, and password. Passwords are never stored in plaintext; they are hashed with a unique per-user salt using a strong cryptographic algorithm.

1.2 Email Addresses Submitted for Verification

When you use the Service, you submit email addresses for verification. These are processed through our 5-stage pipeline and verification results are stored in your account's validation history.

1.3 Usage Data

We collect information about how you use the Service, including API call history, validation counts, credit transactions, login timestamps, and feature usage patterns.

1.4 Payment Data

Payments are processed by Cryptomus, our third-party cryptocurrency payment provider. We do not store your wallet addresses or payment details. We receive only transaction confirmation and reference IDs.

1.5 Technical Data

We collect IP addresses, browser type, operating system, and login history for security and fraud prevention purposes.

• Provide the Service: Process email verifications, deliver results, and manage your account.
• Account Management: Authenticate your identity, manage sessions, and process credit transactions.
• Service Improvement: Analyze usage patterns to improve verification accuracy and platform performance.
• Security: Detect and prevent unauthorized access, abuse, and fraudulent activity.
• Communication: Send transactional emails (account confirmation, password resets, purchase receipts).

3.1 How Verification Works

Email addresses submitted for verification are processed through our 5-stage pipeline:

• Stage 1 - Syntax: RFC compliance and format validation.
• Stage 2 - Domain: DNS/MX record lookup, SPF/DKIM/DMARC validation.
• Stage 3 - SMTP: Communication with recipient mail servers.
• Stage 4 - Social: Publicly available APIs (Gravatar, Have I Been Pwned) for social signal analysis.
• Stage 5 - Scoring: Microsoft 365 lookup for applicable domains, Bayesian + ML scoring.

3.2 No Sale or Sharing

• Account Data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Validation History: Retained for up to 90 days, then automatically purged.
• Security Logs: IP addresses and access logs retained up to 12 months for security purposes.

We implement industry-standard security measures to protect your data:

• Encryption: All data in transit is encrypted using TLS/SSL. Website and API accessible only over HTTPS.
• Password Hashing: Passwords hashed with unique per-user salts using strong cryptographic algorithms.
• Access Controls: Strict need-to-know access for personnel. API access via unique, regenerable API keys.
• Incident Response: In the event of a data breach, we will notify affected users promptly per applicable laws.

6.1 Essential Cookies

We use session cookies for authentication and local storage for theme preferences. These are strictly necessary for the Service.

6.2 No Third-Party Tracking

Our Service integrates with the following third-party services:

• Cryptomus: Cryptocurrency payment processing. Only transaction confirmations are shared with us.
• Microsoft 365 API: Email existence checks for applicable domains. Only the email being verified is transmitted.
• Gravatar: Public API to check for associated avatar profiles using email hashes.
• Have I Been Pwned: Public API to check if email has appeared in known data breaches.

Regardless of location, we provide all users with the following rights:

• Access: Request a copy of the personal data we hold about you.
• Deletion: Request deletion of your account and all associated data (completed within 30 days).
• Data Portability: Request an export of your data in machine-readable format (JSON or CSV).
• Rectification: Request correction of inaccurate personal data.
• Opt Out: Opt out of marketing communications at any time.

To exercise any of these rights, contact us at admin@bouncezero.io. We will respond within 30 days.

BounceZero is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that a minor has provided personal data, we will delete it immediately.

By using our Service, you consent to the transfer of your data to servers that may be located in jurisdictions with different data protection laws. We ensure appropriate safeguards are in place, including standard contractual clauses and technical security measures.

We may update this Privacy Policy periodically. Material changes will be communicated via email or dashboard notification. Your continued use of the Service constitutes acceptance of the updated policy.

For privacy-related inquiries, contact us: