Privacy Policy
Last updated: 2026-05-10
This Privacy Policy explains what personal data emailzeno ("we", "us", "the service") collects, how we use it, and the rights you have over it. The service is operated from the European Union and processes data in line with the EU General Data Protection Regulation (GDPR).
1. Data we collect
Account data
- Email address, name, hashed password
- API keys you generate (hashed; raw value shown once)
- Sign-up IP, user-agent, country (anti-abuse signals)
Verification data
- Email addresses you submit for verification
- SMTP probe results, MX records, status codes, quality scores
- Job metadata (timestamp, source IP, batch size)
Billing data
- Stripe customer ID, subscription status, last 4 digits of card (held by Stripe, not us)
- Invoice records and credit ledger entries
Usage data
- Application logs (request paths, response codes, timings — no payloads)
- Aggregate analytics (page views, feature usage)
2. How we use it
- Provide the email verification service you requested
- Authenticate API and dashboard requests
- Bill subscriptions and credit packs
- Detect abuse, fraud, and prevent service degradation
- Send transactional notifications (job complete, billing receipts)
3. Sub-processors
We rely on the following third parties to operate the service. Each is bound by a Data Processing Agreement.
- Hetzner (DE) — primary infrastructure host
- Stripe (US/IE) — payment processing
- Cloudflare (US/EU) — CDN, DNS, Turnstile bot detection
- Bunny.net (SI) — privacy-friendly font CDN
- Twilio (US) — SMS verification (only when phone-verify is enabled)
- IPQualityScore (US) — IP risk scoring (only when enabled)
4. Retention
- Verification results: kept for 90 days, then anonymised. Job metadata retained for billing reconciliation up to 7 years.
- Signup attempts: 90 days (anti-abuse audit).
- Account data: kept for the lifetime of your account; deleted on request within 30 days.
- Logs: 30 days rolling.
5. Your rights
Under GDPR you have the right to access, correct, port, restrict, and erase your personal data. Email [email protected] to exercise these rights. We respond within 30 days.
6. Cookies
We set a single first-party session cookie for authentication and a theme preference cookie (ec-theme). No third-party tracking cookies are set on the marketing site. The dashboard may set Stripe and Cloudflare cookies during checkout and bot challenges respectively.
7. International transfers
Data may be transferred to the United States via our sub-processors. Transfers are protected by Standard Contractual Clauses or, where applicable, by participation in the EU–US Data Privacy Framework.
8. Changes to this policy
We will notify registered users by email at least 14 days before any material change takes effect.
Questions? Contact [email protected].