verifykit

Privacy Policy

Last Updated: October 2, 2025

This Privacy Policy describes how Nuno Miguel Duarte Unip. Lda ("Company", "we", "us", or "our") collects, uses, and shares your personal information when you use VerifyKit, our email validation and verification API service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Password (encrypted and hashed)
  • Company name (optional)
  • Billing information (processed by Stripe)

1.2 API Usage Data

When you use our API service, we collect:

  • Email addresses submitted for validation
  • Validation results and metadata
  • API key usage and request logs
  • Timestamp and IP address of requests
  • Rate limit and quota information

1.3 Technical Information

We automatically collect:

  • Browser type and version
  • Operating system
  • IP address and geolocation data
  • Device identifiers
  • Cookies and similar tracking technologies

2. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide email validation and verification services
  • Account Management: To create, maintain, and secure your account
  • Billing: To process payments and manage subscriptions
  • Communication: To send service updates, security alerts, and usage notifications
  • Improvement: To analyze usage patterns and improve our service
  • Security: To detect and prevent fraud, abuse, and security incidents
  • Compliance: To comply with legal obligations and enforce our Terms of Service
  • Support: To respond to your inquiries and provide customer support

3. Email Data Processing

As an email validation service provider, we act as a data processor on behalf of our customers (data controllers) under GDPR.

3.1 Data Processing

  • Email addresses are processed only for validation purposes
  • Email addresses are stored in hashed format for caching (24 hours)
  • Validation results are retained for 30 days for analytics and support
  • We do NOT sell, rent, or share email addresses with third parties
  • We do NOT use email addresses for marketing purposes

3.2 Security Measures

  • All data transmissions use HTTPS/TLS encryption
  • Email addresses are encrypted during verification
  • Access controls limit employee access to customer data
  • Regular security audits and vulnerability assessments

4. Data Sharing and Disclosure

We may share your information with:

4.1 Service Providers

  • Cloudflare: Infrastructure and CDN services (US)
  • Stripe: Payment processing (EU/US)
  • Fly.io: SMTP verification service (EU)

4.2 Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal process or government requests
  • Enforce our Terms of Service
  • Protect our rights, property, or safety
  • Prevent fraud or security incidents

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.

5. Data Retention

We retain different types of data for varying periods:

  • Account Information: Retained while your account is active and for 90 days after deletion
  • Validation Results: Retained for 30 days for analytics and support purposes
  • Cached Email Data: Automatically deleted after 24 hours
  • Usage Logs: Retained for 12 months for security and compliance
  • Billing Records: Retained for 7 years as required by law

6. Your Rights (GDPR & CCPA)

You have the following rights regarding your personal data:

6.1 Right to Access

You can request a copy of all personal data we hold about you.

6.2 Right to Rectification

You can update or correct inaccurate personal data through your account settings.

6.3 Right to Erasure

You can request deletion of your account and associated data at any time.

6.4 Right to Data Portability

You can request your data in a structured, machine-readable format.

6.5 Right to Object

You can object to processing of your personal data for direct marketing purposes.

6.6 Right to Withdraw Consent

You can withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at [email protected]

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

We ensure appropriate safeguards are in place for international data transfers, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all service providers
  • Adherence to Privacy Shield principles where applicable

8. Security Measures

We implement industry-standard security measures to protect your data:

  • TLS/SSL encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Multi-factor authentication support
  • Regular security audits and penetration testing
  • Secure data centers with physical security controls
  • Employee training on data protection and security
  • Incident response procedures

Despite these measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

9. Children's Privacy

Our service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification (for significant changes)

Your continued use of the service after any changes constitutes your acceptance of the new Privacy Policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Nuno Miguel Duarte Unip. Lda

Email: [email protected]

Support: [email protected]

Website: https://verifykit.io

For EU residents: You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.