Bounce Protect
Clean your email lists before you send
Legal
Privacy Policy
How we collect, use, and protect your information when you use Bounce Protect.
Overview
Bounce Protect (“we,” “us,” or “our”) operates the email validation platform at https://bounceprotect.com (the “Service”). This Privacy Policy explains what information we collect, how we use it, and the choices you have regarding your information.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please do not use our Service.
Summary
- We collect only what we need to provide the Service
- We do not sell your personal data to third parties
- Your uploaded email lists are used only to perform validation — never for marketing
- You can delete your data at any time
- We use industry-standard security measures to protect your information
Information We Collect
Account information
When you create an account, we collect your email address, name (if provided), and authentication credentials. If you sign in with Google, we receive your name, email address, and profile picture from Google in accordance with the permissions you grant.
Payment information
We use Stripe to process all payments. We do not store your credit card number, CVV, or full payment details on our servers. Stripe provides us with a tokenised reference and the last four digits of your card for display purposes. Stripe’s privacy practices are governed by Stripe’s Privacy Policy.
Uploaded data
To use our email validation service, you upload lists of email addresses. These email addresses are processed solely for the purpose of validation. We do not use uploaded email addresses for our own marketing, sell them to third parties, or share them with other customers.
Individual email rows are retained in your account dashboard for 30 days after upload to allow you to review results. After 30 days, individual email rows are automatically deleted. Upload summary statistics (counts, scores, file name) are retained for your history view.
Usage data
We collect information about how you use the Service, including pages visited, features used, upload history, validation counts, and session duration. This data helps us improve the product and diagnose issues.
Technical data
We collect standard server log data including IP addresses, browser type, operating system, referring URLs, and timestamps. This information is used for security monitoring, fraud prevention, and service diagnostics.
Communications
When you contact our support team, we retain the content of your communications to resolve your inquiry and improve our support quality.
How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process transactions and send billing-related communications
- Send transactional emails such as upload completion notifications, low credit warnings, and team invitations
- Respond to your support requests and questions
- Monitor and analyse usage to improve the Service
- Detect, prevent, and address fraud, abuse, and security incidents
- Comply with legal obligations
- Enforce our Terms of Service
We do not use your uploaded email lists to send marketing communications, build advertising profiles, or for any purpose other than performing the validation service you requested.
We may send you product updates, feature announcements, and occasional marketing emails to the address associated with your account. You can unsubscribe from marketing emails at any time using the link in the email footer. Transactional emails (billing, security alerts, team invitations) cannot be unsubscribed from as they are necessary for the operation of your account.
Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share information only in the following limited circumstances:
Service providers
We work with trusted third-party service providers who assist in operating the Service. These providers have access to your information only to the extent necessary to perform their functions and are contractually obligated to protect it:
- Supabase — database and authentication infrastructure
- Vercel — application hosting and edge network
- Stripe — payment processing
- Resend — transactional email delivery
- DigitalOcean — server infrastructure for SMTP validation
Legal requirements
We may disclose your information if required to do so by law or in response to valid legal process (such as a court order or government request), or to protect the rights, property, or safety of Bounce Protect, our users, or the public.
Business transfers
In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website prior to your information becoming subject to a different privacy policy.
With your consent
We may share your information with third parties when you have explicitly consented to such sharing.
Data Retention
We retain your information for as long as your account is active or as needed to provide you the Service. Specific retention periods:
| Data type | Retention period |
|---|---|
| Account information | Until account deletion |
| Individual email rows from uploads | 30 days from upload date, then automatically deleted |
| Upload summary statistics | Until account deletion |
| Payment records | 7 years (legal requirement) |
| Server logs | 90 days |
| Support communications | 3 years from last contact |
You may request deletion of your account and associated data at any time by contacting us at hello@bounceprotect.com. We will process deletion requests within 30 days. Note that some data may be retained for longer periods where required by law (for example, payment records).
Security
We implement industry-standard security measures to protect your information:
- All data is encrypted in transit using TLS/HTTPS
- Database data is encrypted at rest
- API keys are stored as SHA-256 hashes — the full key is never stored on our servers
- Row-level security is enforced at the database level so users can only access their own data
- Authentication is handled by Supabase with support for multi-factor authentication
- Administrative access is restricted to named individuals and requires multi-factor authentication
No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.
Your Rights
Depending on your location, you may have certain rights regarding your personal information. These include rights available under applicable Canadian privacy law (PIPEDA), the European General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA):
Right to access
You have the right to request a copy of the personal information we hold about you. You can access most of your account information directly from your dashboard.
Right to correction
You have the right to request that we correct inaccurate or incomplete personal information. You can update most account information directly from your account settings.
Right to deletion
You have the right to request deletion of your personal information. To delete your account and all associated data, contact us at hello@bounceprotect.com. Note that some data may need to be retained for legal or legitimate business purposes.
Right to data portability
You have the right to receive your personal data in a structured, machine-readable format. Contact us to request an export of your account data.
Right to opt out of marketing
You can opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us directly.
To exercise any of these rights, please contact us at hello@bounceprotect.com. We will respond to your request within 30 days.
Third-Party Services
Our Service integrates with third-party services. When you use these integrations, their respective privacy policies govern the collection of your data by those services:
- Google OAuth — when signing in with Google, you are subject to Google’s Privacy Policy
- Stripe — payment processing is subject to Stripe’s Privacy Policy
We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies before using them.
Children's Privacy
The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@bounceprotect.com and we will promptly delete such information.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated effective date, and by sending an email notification to the address associated with your account at least 14 days before the changes take effect.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree to the updated policy, you must stop using the Service and may request deletion of your account.
Contact Us
If you have any questions about this Privacy Policy or how we handle your personal information, please contact us:
We are committed to resolving privacy concerns promptly and will respond to all inquiries within 5 business days.