Privacy Policy
Last updated July 15, 2026
This Privacy Policy explains how Veriastra ("we", "us") handles data when you use our website, free tools, and validation API (the "Service"). We built the Service to be privacy-conscious: we validate data, we do not sell personal data, and we retain the minimum we need.
1. Data we process
Lookup inputs. When you (or a free-tool visitor) submit an email address, phone number, IP address, or domain for validation, we process that value to run the requested checks (syntax, DNS/MX, SMTP, carrier, geolocation, blocklists, etc.). Emails, phone numbers, and IP addresses can be personal data under GDPR/CCPA.
Account & API data. API keys (stored hashed), credit usage, request counts, and — once accounts are available — the email you register with.
Technical logs. Standard request metadata (timestamps, error traces) for reliability and abuse prevention.
2. How we use it
- To perform the validation or enrichment you request and return the result.
- To meter usage and enforce plan limits and rate limits.
- To maintain an aggregate reputation signal (e.g. how often a domain is disposable, or an IP is on a blocklist) that improves accuracy over time.
- To detect and prevent abuse, fraud, and service disruption.
We do not sell personal data, and we do not use lookup inputs for advertising.
3. Retention
- Result cache: short-lived per data type (email ~1 day, IP ~7 days, domain ~3 days, phone ~30 days).
- Bulk job inputs & results: purged after ~30 days.
- IP reputation records: purged after ~180 days (IPs are reassigned).
- Aggregate domain reputation: retained as it reflects domain-level (not individual) behaviour.
4. Third parties
To perform lookups we query public infrastructure such as DNS resolvers, DNS blocklists (DNSBLs), mail servers (SMTP), and public numbering data (NPA-NXX/carrier). We use Cloudflare for DNS/TLS/CDN. We host on a dedicated server. We do not share your lookup inputs with these parties beyond what is technically required to answer the query.
5. Security
All traffic is encrypted in transit (TLS). API keys are stored hashed (never in plaintext). The Service runs isolated from other applications on its own account with restricted permissions. No system is perfectly secure, but we apply defense-in-depth appropriate to the data we handle.
6. Your rights
Depending on your jurisdiction (e.g. GDPR/UK-GDPR, CCPA), you may have rights to access, correct, delete, or export personal data, and to object to or restrict processing. To make a request, email [email protected]. See our GDPR & Compliance page for details.
7. Data controller vs processor
When you submit third-party data (e.g. your customers' emails) through the API, you are the data controller and we act as a processor on your behalf; you are responsible for having a lawful basis to submit that data. For our own site and accounts, we are the controller.
8. Changes & contact
We may update this policy; material changes will be reflected in the "Last updated" date. Questions: [email protected].