Privacy Policy

We collect only what we need to provide the Service:

• Account data: name, email, password hash, OAuth provider IDs, IP and user agent of recent sessions.
• Billing data: subscription status and Stripe customer ID. Card numbers are stored only by Stripe; we never see them.
• Submitted email addresses: the addresses you submit for verification, the verdict we returned, the API key that made each call, and the timestamp.
• Operational logs: request IDs, error stack traces, and aggregate counters for rate limiting and quota enforcement.

We use the data above to:

• Provide deliverability verdicts and dedupe charges across the 30-month window.
• Bill subscriptions and enforce per-user / per-team quotas.
• Send transactional email (OTP codes, password resets, email changes, billing receipts).
• Investigate abuse and prevent fraud.
• Improve the Service via aggregated, de-identified usage metrics.

We do not sell your data, train AI models on it, or share it with advertisers.

Primary storage is Neon Postgres in US-East. Transactional email is delivered through Resend. Subscription billing flows through Stripe. Static assets are served from Vercel's edge network. Each subprocessor signs a DPA with us.

Verification records persist for the lifetime of your account so the 30-month dedup window works. Session rows expire 30 days after last activity. Logs are retained 90 days. On account deletion we purge personally-identifying fields and keep only anonymized aggregates needed for fraud prevention.

You may access, export, correct, or delete your data at any time by emailing privacy@mailtrue.io. EU and California residents have additional rights under GDPR and CCPA, including the right to lodge a complaint with a supervisory authority. We respond within 30 days.

We use one cookie: an HTTP-only, secure session cookie issued by Better Auth. We do not set tracking, analytics, or advertising cookies.

If you access the Service from outside the United States, you understand that your data is processed in the United States by us and our subprocessors. We rely on the Standard Contractual Clauses for EU data transfers.

The Service is not directed at children under 16. If you believe a child has provided us with personal information, contact privacy@mailtrue.io and we'll delete it.

We'll notify account administrators of material changes at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.

Privacy questions: privacy@mailtrue.io. Postal mail: Spekt Inc., 5900 Balcones Drive, Suite 100, Austin, TX 78731.