BounceProtect
Clean your email lists before you send
Legal
Privacy Policy
How we collect, use, and protect your information when you use BounceProtect.
Overview
BounceProtect (“we,” “us,” or “our”) operates the email validation platform at https://www.bounceprotect.com (the “Service”). This Privacy Policy explains what information we collect, how we use it, and the choices you have regarding your information.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please do not use our Service.
Summary
- We collect only what we need to provide the Service
- We do not sell your personal data to third parties
- Your uploaded email lists are used only to perform validation — never for marketing
- You can delete your data at any time
- We use industry-standard security measures to protect your information
Information We Collect
Account information
When you create an account, we collect your email address, name (if provided), and authentication credentials. If you sign in with Google, we receive your name, email address, and profile picture from Google in accordance with the permissions you grant.
Payment information
We use Stripe to process all payments. We do not store your credit card number, CVV, or full payment details on our servers. Stripe provides us with a tokenised reference and the last four digits of your card for display purposes. Stripe’s privacy practices are governed by Stripe’s Privacy Policy.
Uploaded data
To use our email validation service, you upload lists of email addresses. These email addresses are processed solely for the purpose of validation. We do not use uploaded email addresses for our own marketing, sell them to third parties, or share them with other customers.
Individual email rows are retained in your account dashboard for 30 days after upload to allow you to review results. After 30 days, individual email rows are automatically deleted. Upload summary statistics (counts, scores, file name) are retained for your history view.
Usage data
We collect information about how you use the Service, including pages visited, features used, upload history, validation counts, and session duration. This data helps us improve the product and diagnose issues.
Technical data
We collect standard server log data including IP addresses, browser type, operating system, referring URLs, and timestamps. This information is used for security monitoring, fraud prevention, and service diagnostics.
Communications
When you contact our support team, we retain the content of your communications to resolve your inquiry and improve our support quality.
How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process transactions and send billing-related communications
- Send transactional emails such as upload completion notifications, low credit warnings, and team invitations
- Respond to your support requests and questions
- Monitor and analyse usage to improve the Service
- Detect, prevent, and address fraud, abuse, and security incidents
- Comply with legal obligations
- Enforce our Terms of Service
We do not use your uploaded email lists to send marketing communications, build advertising profiles, or for any purpose other than performing the validation service you requested.
We may send you product updates, feature announcements, and occasional marketing emails to the address associated with your account. You can unsubscribe from marketing emails at any time using the link in the email footer. Transactional emails (billing, security alerts, team invitations) cannot be unsubscribed from as they are necessary for the operation of your account.
Legal Basis for Processing (GDPR)
For users in the European Economic Area, we process your personal information under the following legal bases:
Contract performance (Article 6(1)(b))
Providing email validation services, processing uploads, managing your account, billing, and customer support.
Legitimate interests (Article 6(1)(f))
Improving our services, security monitoring, fraud prevention, and diagnosing technical issues.
Consent (Article 6(1)(a))
Sending marketing emails and newsletter communications. You may withdraw consent at any time by clicking unsubscribe in any email.
Legal obligation (Article 6(1)(c))
Retaining payment records and complying with applicable law.
Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share information only in the following limited circumstances:
Service providers
We work with trusted third-party service providers to operate the Service. A complete list of our sub-processors is available upon request at hello@bounceprotect.com.
Legal requirements
We may disclose your information if required to do so by law or in response to valid legal process (such as a court order or government request), or to protect the rights, property, or safety of BounceProtect, our users, or the public.
Business transfers
In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website prior to your information becoming subject to a different privacy policy.
With your consent
We may share your information with third parties when you have explicitly consented to such sharing.
Data Retention
We retain your information for as long as your account is active or as needed to provide you the Service. Specific retention periods:
| Data type | Retention period |
|---|---|
| Account information | Until account deletion |
| Individual email rows from uploads | 30 days from upload date, then automatically deleted |
| Upload summary statistics | Until account deletion |
| Zapier webhook subscriptions | Until deleted via Zapier or account deletion |
| Payment records | 7 years (legal requirement) |
| Server logs | 90 days |
| Support communications | 3 years from last contact |
You may request deletion of your account and associated data at any time by contacting us at hello@bounceprotect.com. We will process deletion requests within 30 days. Note that some data may be retained for longer periods where required by law (for example, payment records).
Security
We implement industry-standard security measures to protect your information:
- All data is encrypted in transit using TLS/HTTPS
- Database data is encrypted at rest
- API keys are stored as SHA-256 hashes — the full key is never stored on our servers
- Row-level security is enforced at the database level so users can only access their own data
- Authentication is handled by Supabase with support for multi-factor authentication
- Administrative access is restricted to named individuals and requires multi-factor authentication
No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.
Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. We will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms. Notification will include the nature of the breach, likely consequences, and measures taken to address it.
Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you as defined under GDPR Article 22.
Our email validation service uses automated algorithms to assess email validity and deliverability. These assessments are performed entirely at your request as part of the service you have subscribed to and do not involve processing of personal characteristics.
Your Rights
Depending on your location, you may have certain rights regarding your personal information. These include rights available under applicable Canadian privacy law (PIPEDA), the European General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA):
Right to access
Request a copy of personal information we hold.
Right to correction
Request correction of inaccurate data. Most account information can be updated directly from your dashboard.
Right to deletion
Request deletion of your account and associated data by contacting hello@bounceprotect.com. We will process requests within 30 days.
Right to restrict processing
Request we limit how we use your data in certain circumstances.
Right to data portability
Receive your data in a structured, machine-readable format. Contact us to request an export.
Right to object
Object to processing based on legitimate interests or for direct marketing purposes.
Right to withdraw consent
Withdraw at any time by clicking unsubscribe or contacting us directly.
Right to lodge a complaint
Lodge a complaint with your local data protection authority if you believe your data has not been handled properly.
To exercise any of these rights, contact hello@bounceprotect.com. We will respond within 30 days. No fees charged unless requests are manifestly unfounded or excessive.
Third-Party Services
Our Service integrates with third-party services. When you use these integrations, their respective privacy policies govern the collection of your data by those services:
- Google OAuth — when signing in with Google, you are subject to Google’s Privacy Policy
- Stripe — payment processing is subject to Stripe’s Privacy Policy
- Anthropic Claude — when users connect BounceProtect via the MCP integration, validation requests may be processed through Anthropic's platform. Subject to Anthropic's Privacy Policy.
- Zapier — when users connect BounceProtect via the Zapier integration, workflow data passes through Zapier's platform. Subject to Zapier's Privacy Policy.
We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies before using them.
Children's Privacy
The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@bounceprotect.com and we will promptly delete such information.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated effective date, and by sending an email notification to the address associated with your account at least 14 days before the changes take effect.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree to the updated policy, you must stop using the Service and may request deletion of your account.
Business Customers and Data Processing
When you use BounceProtect's API, Zapier integration, or MCP integration to validate email addresses from your own systems:
- You are the Data Controller — responsible for ensuring you have a lawful basis to process the email addresses you submit
- BounceProtect acts as a Data Processor — we process email addresses on your behalf solely to deliver the validation service
Business customers requiring a Data Processing Agreement (DPA) for GDPR compliance may request one by contacting hello@bounceprotect.com.
Contact Us
If you have any questions about this Privacy Policy or how we handle your personal information, please contact us:
BounceProtect
Toronto, Ontario, Canada
Email: hello@bounceprotect.com
Website: https://www.bounceprotect.com
We are committed to resolving privacy concerns promptly and will respond to all inquiries within 5 business days.