Privacy Policy

1.1 Account Information

When you register, we collect your email address, username, and password. Passwords are never stored in plaintext; they are hashed with a unique per-user salt using a strong cryptographic algorithm.

1.2 Email Addresses Submitted for Verification

When you use the Service, you submit email addresses for verification. These are processed through our 5-stage pipeline and verification results are stored in your account's validation history.

1.3 Usage Data

We collect information about how you use the Service, including API call history, validation counts, credit transactions, login timestamps, and feature usage patterns.

1.4 Payment Data

Payments are processed by our third-party payment providers: Stripe (credit/debit card payments) and Cryptomus (cryptocurrency payments). We do not store your full card numbers, wallet addresses, or other sensitive payment details on our servers. We receive only transaction confirmations, reference IDs, and the minimum billing information required for accounting purposes.

1.5 Technical Data

We collect IP addresses, browser type, operating system, and login history for security and fraud prevention purposes.

• Provide the Service: Process email verifications, deliver results, and manage your account.
• Account Management: Authenticate your identity, manage sessions, and process credit transactions.
• Service Improvement: Analyze usage patterns to improve verification accuracy and platform performance.
• Security: Detect and prevent unauthorized access, abuse, and fraudulent activity.
• Communication: Send transactional emails (account confirmation, password resets, purchase receipts).

3.1 How Verification Works

Email addresses submitted for verification are processed through our 5-stage pipeline:

• Stage 1 - Syntax: RFC compliance and format validation.
• Stage 2 - Domain: DNS/MX record lookup, SPF/DKIM/DMARC validation.
• Stage 3 - SMTP: Communication with recipient mail servers.
• Stage 4 - Social: Publicly available APIs (Gravatar, Have I Been Pwned) for social signal analysis.
• Stage 5 - Scoring: Microsoft 365 lookup for applicable domains, Bayesian + ML scoring.

3.2 No Sale or Sharing

• Account Data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Validation History: Retained for up to 90 days, then automatically purged.
• Security Logs: IP addresses and access logs retained up to 12 months for security purposes.

We implement industry-standard security measures to protect your data:

• Encryption: All data in transit is encrypted using TLS/SSL. Website and API accessible only over HTTPS.
• Password Hashing: Passwords hashed with unique per-user salts using strong cryptographic algorithms.
• Access Controls: Strict need-to-know access for personnel. API access via unique, regenerable API keys.
• Incident Response: In the event of a data breach, we will notify affected users promptly per applicable laws.

6.1 Essential Cookies

We use session cookies for authentication and local storage for theme preferences. These are strictly necessary for the Service.

6.2 No Third-Party Tracking

For a detailed breakdown of the specific cookies we use, their purposes, and how to manage them, please see our Cookie Policy.

Our Service integrates with the following third-party services:

• Stripe: Credit and debit card payment processing. Stripe collects and processes payment card information in accordance with PCI DSS standards. See Stripe's Privacy Policy.
• Cryptomus: Cryptocurrency payment processing. Only transaction confirmations are shared with us.
• Microsoft 365 API: Email existence checks for applicable domains. Only the email being verified is transmitted.
• Gravatar: Public API to check for associated avatar profiles using email hashes.
• Have I Been Pwned: Public API to check if email has appeared in known data breaches.

Regardless of location, we provide all users with the following rights:

• Access: Request a copy of the personal data we hold about you.
• Deletion: Request deletion of your account and all associated data (completed within 30 days).
• Data Portability: Request an export of your data in machine-readable format (JSON or CSV).
• Rectification: Request correction of inaccurate personal data.
• Opt Out: Opt out of marketing communications at any time.

To exercise any of these rights, contact us at privacy@bouncezero.io. We will respond within 30 days.

8.2 GDPR (European Economic Area and United Kingdom)

If you are located in the EEA or UK, BounceZero Ltd acts as the Data Controller for your personal data. Our legal bases for processing include: performance of a contract (providing the Service), legitimate interests (security, fraud prevention, service improvement), and consent (where applicable). You have the right to lodge a complaint with your local data protection authority, including the UK Information Commissioner's Office (ICO).

8.3 CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information. We do NOT sell your personal information. You have the right to know what personal information we collect, request deletion, and opt out of any future sale of personal information. We will not discriminate against you for exercising your CCPA rights.

BounceZero is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that a minor has provided personal data, we will delete it immediately.

BounceZero Ltd is incorporated in the United Kingdom, which maintains data protection standards recognised as adequate by the European Commission. Our servers may be located in multiple jurisdictions. Where personal data is transferred outside the UK or EEA to countries that do not have an adequacy decision, we ensure appropriate safeguards are in place, including standard contractual clauses (SCCs) and technical security measures, in compliance with the UK GDPR and the EU GDPR.

We may update this Privacy Policy periodically. Material changes will be communicated via email or dashboard notification. Your continued use of the Service constitutes acceptance of the updated policy.

For privacy-related inquiries, contact us:

See also: Cookie Policy | Terms of Service | Refund Policy