
Methodology and Limitations

EmailFootprint runs two independent checks for every search: a public web scan and a data breach lookup. Both run simultaneously and results are combined into a single report.

1. Public web scan

EmailFootprint checks whether the searched email address appears on publicly indexed web pages. "Publicly indexed" refers to content that is accessible and indexed by search engines at the time of the search. Content that is private, restricted, recently published, or excluded from indexing may not appear in results.

Web scan outcomes may change over time as web content and indexes evolve.

2. Data breach lookup

EmailFootprint checks the searched email address against known data breach records via HaveIBeenPwned, an independent breach database maintained by security researcher Troy Hunt. HaveIBeenPwned aggregates publicly disclosed breach data from thousands of incidents worldwide and is widely regarded as the industry standard for breach notification.

A breach record indicates that the email address was present in a dataset exposed during a security incident. The record includes the name of the breach, the date it occurred, and the types of data that were exposed (for example: passwords, usernames, or phone numbers).

Breach records reflect historical events. The presence of a breach record does not necessarily indicate a current risk — particularly if the user has changed their credentials since the breach occurred.
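The distinction above between a historical record and a current risk can be made concrete. This added example is not EmailFootprint's own code: it triages breach records by comparing each breach date with the date the user last changed that password. The field names (Name, BreachDate, DataClasses) follow HaveIBeenPwned's breach model; the sample records, the LAST_PASSWORD_CHANGE map and the status labels are constructed assumptions.

```python
import json
from datetime import date

# Constructed sample in the shape of HaveIBeenPwned breach records.
# The breach names, dates and data classes are invented for illustration.
SAMPLE_RECORDS = json.loads("""
[
  {"Name": "ExampleForum", "BreachDate": "2016-03-01",
   "DataClasses": ["Email addresses", "Passwords"]},
  {"Name": "ExampleShop", "BreachDate": "2023-08-15",
   "DataClasses": ["Email addresses", "Passwords", "Phone numbers"]},
  {"Name": "ExampleNewsletter", "BreachDate": "2021-05-10",
   "DataClasses": ["Email addresses", "Usernames"]}
]
""")

# Assumption: the user can say when they last changed each password.
LAST_PASSWORD_CHANGE = {"ExampleForum": date(2019, 1, 20)}


def triage(records, last_change):
    """Return (name, status, exposed data) per record, newest breach first."""
    results = []
    for rec in sorted(records, key=lambda r: r["BreachDate"], reverse=True):
        breached = date.fromisoformat(rec["BreachDate"])
        classes = set(rec["DataClasses"])
        changed = last_change.get(rec["Name"])
        if "Passwords" in classes:
            if changed is not None and changed > breached:
                status = "historical"       # password changed after the breach
            else:
                status = "rotate-password"  # no known change since the breach
        else:
            status = "monitor"              # exposed data that cannot be rotated
        # The address itself is in every record, so leave it out of the summary.
        results.append((rec["Name"], status, sorted(classes - {"Email addresses"})))
    return results


if __name__ == "__main__":
    for name, status, exposed in triage(SAMPLE_RECORDS, LAST_PASSWORD_CHANGE):
        print(f"{name:20} {status:16} {', '.join(exposed)}")
```

A "historical" status covers only the breached account itself; the same password reused on another service is still exposed until it is changed there too.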

Sources checked

What is not checked

A "no results" outcome

A no-results outcome means no appearances were found in either source at the time of the scan. It does not guarantee that no exposure exists — only that none was identified with the sources checked.

Scan duration

Scans typically complete within 30 to 90 seconds depending on the volume of indexed content and network conditions.