Privacy Policy
How Mailthentic collects, uses, and protects information.
Last updated: March 2026
1. Data We Collect
We collect the following categories of information to operate the Mailthentic service:
- Account information — email address, name, and password (or OAuth identity) provided during registration.
- Phone number — optionally provided for SMS notification alerts.
- Email lists — addresses you upload for verification, including bulk files and scheduled job files.
- Verification results — status, confidence scores, DNS records, and SMTP response data generated during verification.
- Payment information — billing details processed by Stripe; we do not store full card numbers.
- Login activity — IP address, user agent, approximate geographic location, and timestamps for each sign-in to support security monitoring.
- Support data — ticket content, attachments, and correspondence submitted through our support system.
- Usage metadata — credit transactions, job history, webhook delivery logs, and notification preferences.
2. How We Use Your Data
2.1 Service operations
Data is used to process verification jobs (including scheduled recurring jobs), present results and reporting, manage credit balances, and support account and team management features.
2.2 Support and communication
Contact submissions and support tickets are used to respond to inquiries and improve service quality. We may send transactional emails regarding your account activity, verification results, and billing events.
2.3 SMS notifications
If you provide a phone number and opt in, we send transactional SMS alerts (e.g., low credit warnings, bulk job completion). We do not use your phone number for marketing.
2.4 Security
Login activity records, two-factor authentication data, and session information are used to detect unauthorized access and protect your account.
3. Data Handling Principles
- We do not send emails on your behalf from uploaded lists.
- We do not resell customer-uploaded contact data.
- We apply appropriate safeguards for stored service data.
- We do not use your data for advertising or profiling.
4. Teams and Shared Data
If you join or create a team, your email address and name are visible to other team members. Verification jobs, results, and credit usage within a team workspace are shared among team members according to their assigned roles. The team owner is the data controller for team-level data.
5. Third-Party Services
We use the following categories of third-party service providers to operate the platform:
- Payment processing — Stripe processes payments and stores card details under its own privacy policy.
- Authentication — Google OAuth may be used for sign-in. We receive only your name and email address from Google; we do not access your contacts, calendar, or other Google data.
- SMS delivery — If SMS is enabled, Twilio delivers text messages. Your phone number is transmitted to Twilio solely for message delivery.
- Infrastructure — Hosting, database, caching, and background processing providers handle data as needed for platform operations.
6. Webhooks and External Data Delivery
If you configure webhook endpoints, Mailthentic sends verification event data to your specified URLs. Webhook payloads are signed with HMAC for authenticity. You are responsible for the security of your receiving endpoints. We retain webhook delivery logs (status codes and timestamps) for debugging and retry purposes.
7. Cookies and Sessions
Mailthentic uses session cookies to maintain your authenticated state. We also store a preference for dark mode and sidebar state in your browser's local storage. We do not use third-party tracking cookies or analytics services that track you across other websites.
8. Data Retention and Deletion
8.1 Retention
Verification results are retained for as long as your account is active or as needed for operational and compliance purposes. Login activity records are retained for security auditing. Expired credits are automatically removed from active balances.
8.2 Data export
You may export your account data at any time through the Account settings in the dashboard.
8.3 Account deletion
You may permanently delete your account through the dashboard. This removes your personal information, verification history, team memberships, and all associated data. This action is irreversible.
9. Security Practices
We implement technical and organizational controls to protect service data, including:
- Encrypted data transmission (TLS/HTTPS)
- Hashed and salted password storage
- Optional two-factor authentication (TOTP)
- Session management with device tracking
- HMAC-signed webhook payloads
- Role-based access control for team workspaces
No system is entirely risk-free. Users should maintain strong passwords, enable 2FA, and revoke unused sessions.
10. Your Rights and Responsibilities
You are responsible for the lawful collection and use of data uploaded to Mailthentic and for compliance with applicable privacy regulations (such as GDPR, CCPA, or other local laws). You have the right to access, correct, export, or delete your personal data through the dashboard or by contacting support.
11. Policy Updates
We may update this policy from time to time. Material changes will be reflected on this page with an updated effective date. If changes significantly affect how we handle your data, we will notify you via email or in-app notification.
12. Contact Information
For privacy questions or data requests, please reach out via the Contact page.