How we protect your data
When you upload your email list to Valid Email Checker, you are trusting us with valuable data. We do not take that lightly. This page explains exactly how we protect your information — no vague promises, just specifics about what we do.
Enterprise cloud infrastructure
Valid Email Checker runs on Vercel for the application layer and Supabase for the data layer. Both of those run on AWS, the same provider trusted by banks, governments, and Fortune 500 companies. We inherit the physical security, network security, and operational security that AWS invests billions in every year — without trying to replicate it ourselves.
What this means for you: your verification requests are processed quickly, reliably, and securely, regardless of where you are.
Data encryption
Your email lists are encrypted both in transit and at rest.
Encryption in transit (TLS)
Every connection to Valid Email Checker is protected by TLS encryption. The padlock icon in your browser when you visit our site means all data between your computer and our servers is encrypted in transit. No one can intercept or read it in flight.
This applies to:
- File uploads
- API requests
- Dashboard access
- Account information
Encryption at rest (AES-256)
When your data is stored on our servers, it is protected by AES-256 encryption — the same standard used by banks, military organizations, and government agencies worldwide. Your email lists do not sit on our servers in plain text. They are encrypted the moment they arrive and stay encrypted until they are deleted.
Automatic data deletion
We do not keep your data any longer than necessary.
15-day retention policy
All uploaded files and verification results are automatically deleted after 15 days. This gives you plenty of time to:
- Review your results
- Download your cleaned list
- Re-download if needed
After 15 days, the data is gone. Not archived, not moved to backup. Permanently deleted.
Manual deletion anytime
Do not want to wait 15 days? You can delete your files immediately:
- Go to Uploads & Results in your dashboard
- Find the file you want to remove
- Click the Delete button
Your data is erased instantly and permanently.
Why we do this
Some services keep your data indefinitely. We think that is unnecessary and risky. The longer data exists, the greater the chance something goes wrong — a breach, a leak, an unauthorized access. By auto-deleting after 15 days, we minimize risk for both you and us. You uploaded your list to verify it, not to store it with us forever.
We never share or sell your data
Plain English: we will never sell, share, rent, or trade your email lists with anyone. Not with marketing companies. Not with data brokers. Not with partners. Not with anyone.
Your data is yours. We verify it and give you the results. That is the extent of our relationship with your information.
No third-party access
We do not give third parties access to your email lists. The only people who can see your data are you (through your account) and our verification systems (to process your request).
No data mining
We do not analyze your lists for marketing purposes. We do not build profiles based on your contacts. We do not use your data for anything other than verification.
We never email your contacts
Some verification services send test emails to addresses on your list. That is invasive and can hurt your sender reputation.
Valid Email Checker never sends a single email to any address you upload. Our verification process uses:
- SMTP handshakes
- Server checks
- Domain verification
- MX record analysis
These techniques verify addresses without sending anything. Your contacts will never know they were verified.
Account security features
Beyond protecting your data, we help you protect your account.
Two-factor authentication (2FA)
Add an extra layer of security with 2FA. When enabled, you need both your password and a verification code to log in. Even if someone gets your password, they cannot access your account without the second factor. We support:
- Google Authenticator (or any TOTP app) — App-based codes
- Email codes — One-time codes sent to your account email
See How to enable 2FA for the step-by-step.
Session management
View and manage all active sessions on your account from Account Settings → Security. See something suspicious? Log out of any session remotely. Especially useful if you:
- Forgot to log out on a shared computer
- Lost a device
- Notice unfamiliar login activity
Secure password requirements
We enforce minimum password length and never store passwords in plain text. Passwords are hashed using industry-standard one-way hashing — we cannot read them even if we wanted to.
Full account deletion
Want to leave? You can delete your account yourself — no need to contact support.
How to delete your account
- Go to Account Settings → Profile
- Scroll to the bottom of the page
- Click the red Delete My Account button
- A confirmation popup appears
- Type DELETE to confirm
- Click the Delete button
Your account is permanently deleted.
What gets deleted
- Your profile information
- Your verification history
- Your uploaded files and results
- Your credits (unused credits are forfeited)
- Your billing records (except what we are legally required to retain)
Security through our infrastructure providers
AWS, which underpins both Vercel and Supabase, maintains:
| Certification | What it means |
|---|---|
| ISO 27001 | International standard for information security management |
| SOC 2 Type 2 | Independent audit of security, availability, and confidentiality controls |
| PCI DSS | Payment Card Industry Data Security Standard compliance (relevant since we accept card payments via Stripe, also PCI-compliant) |
| GDPR | European Union data protection regulation compliance |
These certifications require regular audits, documented procedures, and continuous monitoring — verified by independent third parties, not self-declared.
Privacy-first approach
We follow data protection best practices aligned with major privacy regulations.
Data minimization
We only collect what is necessary to provide our service. We do not ask for information we do not need, and we do not keep data longer than required.
Purpose limitation
Your email lists are used for one purpose: verification. We do not repurpose your data for marketing, analytics, or anything else.
Transparency
We are upfront about our practices. This page exists because we believe you have the right to know exactly how your data is handled.
User rights
You have control over your data:
- Access — View what data we have about you
- Correction — Update inaccurate information
- Deletion — Remove your data anytime
- Portability — Download your verification results
What about the emails themselves?
You might wonder: do we actually look at the addresses you upload?
Our systems process your email addresses automatically to verify them. This is necessary — we cannot verify an email without knowing what it is. However:
- No human reviews your lists manually
- We do not analyze the content of your lists
- We do not build databases from your contacts
- Everything is deleted after 15 days (or sooner if you delete it)
The verification process is automated, and your data is treated as confidential throughout.
The bottom line
| Protection | How we do it |
|---|---|
| Infrastructure | Vercel + Supabase on AWS |
| Encryption in transit | TLS on all connections |
| Encryption at rest | AES-256 |
| Data retention | 15 days, then automatic deletion |
| Manual deletion | Delete your files anytime, instantly |
| Data sharing | Never — we do not sell or share your lists |
| Email to contacts | Never — we verify without sending |
| Account security | 2FA, session management, secure passwords |
| Account deletion | Full erasure available from your dashboard |
Security is the foundation, not an afterthought.
Questions?
Related questions
Still stuck? Email support