MailsGuard ("we", "us", or "our") operates mailsguard.io and the MailsGuard API. This policy explains what data we collect, how we use it, and your rights.
What data we collect
Account data: When you sign up, we collect your email address and name. We store a hashed (irreversible) version of your password — we never store plaintext passwords.
Email addresses you verify: We never store the email addresses you submit for verification. Instead, we store a cryptographic fingerprint — specifically, an HMAC-SHA256 hash computed using a secret key only we hold. This fingerprint is mathematically irreversible: it is impossible to recover an email address from its hash. These fingerprints allow us to return faster results for previously-verified addresses without retaining any personally identifiable information. Fingerprints expire automatically: valid addresses after 30 days, invalid after 90 days, unknown after 7 days. We do not sell or share these fingerprints or any verification data with third parties.
Usage data: We log API requests, verification results, and credit transactions for billing and debugging purposes. Logs are retained for 90 days.
Payment data: Payments are processed by Stripe. We do not store your card details — Stripe handles all payment data under their own privacy policy.
How we use your data
We use your data to: provide the verification service, process payments, send transactional emails (password reset, receipts), and improve the service. We do not use your data for advertising or sell it to third parties.
Data retention
Account data is retained while your account is active and deleted within 30 days of account closure. Email verification fingerprints (HMAC-SHA256 hashes — not email addresses) expire automatically based on result type: valid addresses after 30 days, invalid after 90 days, unknown after 7 days. Uploaded CSV files are deleted from our servers within 7 days of job completion. Individual verification records are deleted after 30 days. API logs are retained for 90 days. You may request deletion of your account and all associated data at any time by contacting privacy@mailsguard.io.
Cookies
We use a single session cookie to keep you logged in to the dashboard. We do not use tracking or advertising cookies.
Third-party services
We use the following third-party services: Stripe (payments), Resend (transactional email), Railway (infrastructure). Each operates under their own privacy policy.
Your rights
You have the right to access, correct, or delete your personal data. To exercise these rights, email us at privacy@mailsguard.io.
Contact
Questions about this policy? Email privacy@mailsguard.io.