Privacy Policy

Disposable.Check (“we”, “us”, “our”) is a service operated by [LEGAL ENTITY NAME], located at [REGISTERED BUSINESS ADDRESS]. We provide an API and dashboard that detect disposable, temporary, and throwaway email addresses. This policy applies to [your-domain.com] and all related services we operate (the “Service”).

For privacy questions, or to exercise your rights, contact us at [privacy@your-domain.com].

We collect the following categories of information:

• Account information. When you sign up, we collect your name, email address, organization name, and role. Authentication (passwords, email confirmation, and password resets) is handled by our authentication provider; we never see or store your raw password.
• Billing information. Paid subscriptions are processed by our payment processor (Stripe). We store your subscription plan, status, renewal dates, and a customer identifier — but we do not store full card numbers or card security codes.
• API usage data. When you call our detection API, we log the request: a timestamp, the team/account that made the call, the requesting IP address, the domain checked, and the response we returned. We use this for billing (credit usage), analytics, rate limiting, and abuse prevention.
• Email addresses you submit for checking. To classify an address you (or your end users) submit, we process the address — primarily its domain. See “Email addresses you submit” below for how this data is handled.
• Bulk-check files. If you use the bulk CSV feature, we temporarily store your uploaded file and the generated results file in private storage to process the job (see “Data retention”).
• Cookies & session data. We use strictly necessary cookies to keep you signed in. See “Cookies” below.

The core purpose of the Service is to evaluate whether an email address is disposable. To do this we extract and process the domain of the address. We log the request for analytics and abuse prevention, but we do not sell or share these addresses, and we do not index or profile the local-part (the portion before the “@”) for advertising or retargeting.

If you submit addresses belonging to your own end users (for example, to screen sign-ups), you are responsible for having a lawful basis to do so and for disclosing this processing in your own privacy notice. With respect to that data, you are the data controller and we act as your processor.

• To provide, operate, and maintain the Service;
• To authenticate you and secure your account;
• To meter credit usage and process payments;
• To detect, investigate, and prevent fraud and abuse;
• To improve detection accuracy (for example, by updating our disposable-domain lists and reputation signals);
• To send transactional messages (confirmations, password resets, billing notices, and support replies); and
• To comply with legal obligations.

For domains that our heuristics cannot confidently classify, we may send the domain (not the full email address) to a third-party AI model provider for a classification verdict. We do not send the local-part of the address. Verdicts are cached so the same domain is not re-sent unnecessarily.

We do not sell your personal information. We share information only with service providers who process it on our behalf, under contract, to run the Service. These currently include:

• Payments — Stripe (subscription billing and card processing);
• Authentication & database/storage — our backend platform provider (account auth, database, and bulk-file storage);
• AI classification — our AI model provider (gray-zone domain verdicts, as described above);
• Email delivery — our transactional email provider; and
• Hosting & infrastructure — our hosting and caching providers.

We may also disclose information where required by law, to enforce our agreements, or to protect the rights, safety, and security of our users and the Service. If we are involved in a merger or acquisition, information may be transferred as part of that transaction.

Business customers acting as data controllers can review the full list of sub-processors and our processing commitments in our Data Processing Agreement.

We keep personal data only as long as necessary for the purposes above:

• Account data — for the life of your account, and for a reasonable period afterward to meet legal, tax, and accounting obligations.
• API request logs — retained for analytics, billing, and abuse prevention.
• Bulk-check files — uploaded input files are deleted automatically after 7 days; generated result files after 30 days.
• Operational caches — domain and detection results are cached for short, fixed periods (typically hours to 30 days) to keep the Service fast.

We use strictly necessary cookies to maintain your authenticated session and keep the Service secure. We do not use these cookies for advertising. Blocking essential cookies may prevent you from signing in.

We use industry-standard measures — including encryption in transit, access controls, and scoped API keys — to protect information. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. Keep your account credentials and API keys confidential, and revoke any key you believe has been compromised from your dashboard.

Depending on where you live (for example, under the EU/UK GDPR or the California CCPA/CPRA), you may have the right to access, correct, delete, port, or restrict the processing of your personal data, and to object to certain processing. We do not sell personal information.

To exercise any of these rights, email [privacy@your-domain.com]. We will verify your request and respond within the time required by applicable law. You may also delete your account from the dashboard.

We may process and store information in countries other than your own. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for international transfers.

The Service is intended for businesses and is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above and, for material changes, provide additional notice. Your continued use of the Service after an update means you accept the revised policy.

Questions about this policy or your data? Email [privacy@your-domain.com] or reach our support team at [support@your-domain.com]. You can also use our contact page.