Privacy Policy

Last updated: March 26, 2026

Data We Collect

When you create an account, we store:

• Email address — for authentication (magic link login)
• IP address at registration — for anti-abuse (max 3 accounts per IP)
• API key — stored as a SHA-256 hash (we cannot read your key)
• Credit balance and purchase history

Email Verification Cache

When you verify an email address via the API, we cache the result for 7 days. The email address is stored as a SHA-256 hash — we do not store email addresses in plain text. Cache is automatically purged after 7 days.

Cookies

We use a single httpOnly session cookie (mp_session) for authentication. No tracking cookies, no analytics, no third-party cookies.

Third-Party Services

• Stripe — payment processing. Stripe handles all card data. We never see or store your card number. See Stripe's privacy policy.
• Resend — transactional emails (magic links, payment confirmations).

We do not use Google Analytics, advertising pixels, or any tracking service.

Data Retention

• Account data: kept as long as your account exists
• Verification cache: 7 days, then automatically deleted
• Server logs: standard web server logs, not shared or exploited

Your Rights (GDPR)

You have the right to access, rectify, or delete your personal data. To exercise these rights, contact us at contact@mailprobe.dev.

Data Controller

Iris Digital — SIREN 524 317 872, France