Privacy Policy - EmailFootprint

1. Data processed

EmailFootprint processes only the data necessary to perform a search, including:

the email address submitted by the user
the search results generated at the time of the request

EmailFootprint does not:

send emails to searched addresses
create user accounts
perform cross-search tracking

2. Data retention

Search results are generated on demand and are not stored permanently.

The following temporary processing takes place:

Web search results and breach records are held in server memory for the duration of your session, typically a few minutes, to allow result delivery.
Breach lookup results may be cached in server memory for up to 24 hours to reduce repeated third-party API calls. This cache is stored in RAM only, is never written to disk, and is cleared on every server restart.
No search results are written to a database or retained after the session expires.

EmailFootprint does not maintain a long-term database of searched email addresses or their results.

3. Third-party data processors

EmailFootprint uses two third-party services to perform a search. By submitting an email address, you consent to it being sent to these services for the sole purpose of executing your search:

SerpAPI — used to retrieve publicly indexed web pages where the email address may appear. SerpAPI acts as a data processor on behalf of EmailFootprint.
HaveIBeenPwned — used to check whether the email address appears in known data breach records. The email address is transmitted to HaveIBeenPwned's servers in the United States. HaveIBeenPwned operates its own privacy policy, available at haveibeenpwned.com/Privacy. This transfer is made on the basis of the user's explicit consent, provided via the confirmation checkbox before purchase.

EmailFootprint does not control third-party content, does not guarantee its accuracy or legality, and is not responsible for changes or removals of third-party content or breach records.

No personal data is shared with any other third party, and no data is used for advertising, profiling, or marketing purposes.

4. Cookies and tracking

EmailFootprint does not use tracking cookies for profiling or advertising purposes.

Only strictly necessary technical cookies may be used to ensure proper service operation.

5. Data protection rights

Users may contact EmailFootprint for data protection inquiries or legal notices at helpemailfootprint@gmail.com.

6. Data controller

The data controller responsible for processing under this policy is EmailFootprint, contactable at helpemailfootprint@gmail.com.

7. Payment processing

Payment processing is handled by Stripe, Inc. EmailFootprint does not store, process, or have access to payment card details. Stripe's privacy policy applies to all payment transactions.

8. Server location and data transfers

EmailFootprint's servers are located in Germany (EU). Web search processing occurs within the European Economic Area.

Breach lookups involve transmitting the searched email address to HaveIBeenPwned, whose servers are located in the United States. This transfer occurs solely to fulfil your requested search, on the basis of your explicit consent. No other personal data is transferred outside the EEA.

9. Right to erasure

As EmailFootprint does not retain personal data after the session ends, no stored data exists to erase. Each search session is ephemeral and results expire automatically.