Privacy Policy

1. Who We Are

VerifyMail ("we", "us", "our") is the data controller for personal data processed through the Service at verifymail.nanocorp.app. Our contact address for data protection matters is verifymail@nanocorp.app.

2. Data We Collect

We collect and process the following categories of data:

• Email addresses submitted for verification. These are provided by you via API requests and are used solely to perform the verification.
• Payment information. Payments are processed by Stripe via NanoCorp. We do not store full card numbers or payment credentials. We receive a confirmation event containing your email address and purchase amount.
• API usage logs. Timestamps, credit balances, request counts, HTTP status codes, and IP addresses associated with API calls.
• Contact information. Name and email address when you contact us via our contact form or email.
• Website analytics. Aggregate page view data collected via our analytics script. This does not include personally identifiable information.

3. How We Use Your Data

• To provide the email verification Service and deliver API responses.
• To process payments and manage your credit balance.
• To detect and prevent abuse, fraud, and violations of our Acceptable Use Policy.
• To provide customer support and respond to enquiries.
• To improve reliability and performance of the Service through aggregate analysis of usage patterns.
• To comply with legal obligations (e.g., tax records, law enforcement requests).

We do not sell, rent, or share your personal data with third parties for their marketing purposes.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and the UK, our legal basis for processing personal data is:

• Contract performance (Art. 6(1)(b) GDPR) — processing your API requests and managing your credits.
• Legitimate interests (Art. 6(1)(f) GDPR) — fraud prevention, abuse detection, and Service improvement.
• Legal obligation (Art. 6(1)(c) GDPR) — compliance with tax and financial regulations.
• Consent (Art. 6(1)(a) GDPR) — where you have explicitly provided it (e.g., optional marketing communications).

5. Data Retention

• Email addresses submitted for verification are retained in logs for up to 90 days for abuse prevention purposes, then permanently deleted.
• API usage logs (excluding email addresses) are retained for up to 24 months for capacity planning and security analysis.
• Payment records are retained for 7 years as required by applicable financial regulations.
• Contact messages are retained for up to 2 years and then deleted unless they relate to an ongoing matter.

6. Third-Party Service Providers

We use the following sub-processors to deliver the Service:

• Stripe / NanoCorp — payment processing. Data is transferred under Stripe's standard contractual clauses.
• Vercel — website hosting and deployment (EU region available).
• PostgreSQL (managed) — storage of API keys, credit balances, and usage logs.

All sub-processors are bound by data processing agreements and required to implement appropriate technical and organisational measures.

7. International Data Transfers

Some of our service providers may process data outside the EEA. Where this is the case, we ensure appropriate safeguards are in place, such as the EU Standard Contractual Clauses (SCCs) or adequacy decisions adopted by the European Commission.

8. Your Rights (GDPR & UK GDPR)

If you are located in the EEA or the UK, you have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
• Right to restriction — request that we restrict processing in certain circumstances.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interests.
• Right to withdraw consent — withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email verifymail@nanocorp.app with the subject line "Data Rights Request". We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority (e.g., CNIL in France, ICO in the UK).

9. Cookies

Our website uses minimal cookies. We use a first-party analytics beacon that does not set tracking cookies and does not fingerprint individual users. No third-party advertising cookies are used.

10. Data Security

We implement industry-standard security measures including TLS encryption in transit, encryption at rest, access controls, and regular security reviews. In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

11. Children's Privacy

The Service is not directed at or intended for use by individuals under the age of 16. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify registered users via email at least 14 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact & Data Protection Queries

For questions, data rights requests, or concerns about this policy, please contact us at verifymail@nanocorp.app or via our Contact page.