Privacy Policy

We collect information in three ways: (a) information you provide directly, (b) information we collect automatically when you use our services, and (c) information derived from the email lists and domains you submit for verification.

Account and Registration Data

When you create an account, we collect your name, email address, company name, job title, and billing information. This data is necessary to perform our contract with you under GDPR Article 6(1)(b).

• Identifiers: Name, email address, account username, IP address at sign-up
• Commercial information: Purchase history, credit balance, subscription tier, invoice records
• Professional data: Company name, industry, job title (provided voluntarily)

Usage and Technical Data

We automatically collect technical information when you interact with our platform, including:

• Log data: IP address, browser type, operating system, referring URLs, pages visited, timestamps
• Device identifiers: Browser fingerprint, session token, cookie identifiers
• API usage: API endpoint calls, credit consumption, response latency, error codes

Verification Input Data

When you submit email addresses for verification, those addresses are processed by our SMTP probing infrastructure. We do not send any email to the addresses you submit. Our system connects to the mail server, checks deliverability status, and disconnects — no message is ever delivered. This input data is processed solely to return verification results and is not used to build marketing profiles or sold to third parties.

We use the personal data we collect for specific, legitimate purposes. The legal basis for each processing activity is identified below in accordance with GDPR Article 13.

Service Delivery (Contractual Necessity — Article 6(1)(b))

• Creating and maintaining your account
• Processing email verification requests and returning results
• Deducting credits and managing your usage balance
• Providing access to the Verifox dashboard, API, and integrations

Billing and Legal Compliance (Legal Obligation — Article 6(1)(c))

• Processing payments and issuing invoices via our payment processor (Stripe)
• Complying with tax, accounting, and financial reporting obligations
• Responding to lawful government requests or court orders

Legitimate Interests (Article 6(1)(f))

• Preventing fraud, abuse, and unauthorised API access (FoxGuard fraud detection)
• Analysing aggregated usage patterns to improve platform performance
• Sending transactional emails such as low-credit alerts and verification reports
• Enforcing our Terms of Service

Consent (Article 6(1)(a))

Where you have opted in, we may send marketing communications about new features, product updates, and related Verifox services. You may withdraw consent at any time by clicking "unsubscribe" in any marketing email or by emailing support@verifox.ai.

We do not sell personal data. We do not share personal data with third parties for their own advertising purposes. We disclose data only in the limited circumstances described below.

Service Providers (Sub-processors)

We engage third-party service providers who process data on our behalf. All sub-processors are bound by Data Processing Agreements (DPAs) that restrict their use of data to service delivery only. See our full Subprocessors List for details.

Business Transfers

If Verifox undergoes a merger, acquisition, or asset sale, personal data may be transferred to the successor entity. We will notify affected users via email and prominent notice on our website at least 30 days before any such transfer.

Legal Requirements

We may disclose personal data if required to do so by law, court order, or governmental regulation, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of Verifox, our users, or the public. We will attempt to notify you of such requests unless legally prohibited.

Aggregate and De-identified Data

We may share aggregate, anonymised, or de-identified data that cannot reasonably be used to identify any individual. Such data may be used for industry research, benchmarking, or public reporting on email infrastructure trends.

Verifox is headquartered in San Francisco, California, USA, and our infrastructure is hosted in data centres across the United States and the European Union. If you are located in the EU, EEA, UK, or Switzerland, your personal data is transferred to the United States, which may not provide the same level of data protection as your home country.

Transfer Mechanisms

We rely on the following mechanisms to ensure lawful transfers of personal data from the EU/EEA to the United States:

• Standard Contractual Clauses (SCCs): We incorporate the EU Commission's Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) into all DPAs with sub-processors established outside the EEA.
• EU-U.S. Data Privacy Framework: Where applicable, we rely on the EU-U.S. Data Privacy Framework certification for qualifying transfers.
• Swiss nFADP transfers: For transfers from Switzerland, we apply the updated SCCs as recognised by the Swiss Federal Data Protection and Information Commissioner (FDPIC).

For more detail, see our EU & Swiss Privacy Policy.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law.

Retention Schedule

• Account data: Retained for the duration of your account plus 3 years after closure, to comply with financial record-keeping obligations.
• Verification input data (email addresses you submit): Deleted from active systems within 90 days of processing. Anonymised verification statistics (counts, rates) may be retained indefinitely.
• API logs: Retained for 12 months for debugging and abuse prevention, then purged.
• Billing records: Retained for 7 years in accordance with US tax law and EU VAT requirements.
• Marketing consent records: Retained until consent is withdrawn plus 2 years thereafter.

When data is deleted, we ensure it is also removed from all backups within the next scheduled backup rotation cycle (maximum 90 days).

Depending on your jurisdiction, you have the following rights regarding your personal data. To exercise any of these rights, submit a request to support@verifox.ai. We will respond within 30 days (or within 45 days for complex requests, with notice of the extension).

Rights Under GDPR (EU/EEA/UK/Switzerland)

• Right of access (Article 15): Obtain a copy of your personal data.
• Right to rectification (Article 16): Correct inaccurate or incomplete data.
• Right to erasure (Article 17): Request deletion of your data in certain circumstances.
• Right to restriction (Article 18): Limit processing in certain circumstances.
• Right to data portability (Article 20): Receive your data in a structured, machine-readable format.
• Right to object (Article 21): Object to processing based on legitimate interests or direct marketing.
• Rights related to automated decision-making (Article 22): We do not make solely automated decisions with legal or similarly significant effects.

Rights Under CCPA/CPRA (California)

See our California Privacy Rights page for a complete list of your rights under California law.

How to Lodge a Complaint

If you are dissatisfied with our response, you have the right to lodge a complaint with your local supervisory authority. In the EU, this includes the relevant national Data Protection Authority. In the Netherlands (our EU entity): Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl). In the UK: the Information Commissioner's Office (ico.org.uk). In Switzerland: the Federal Data Protection and Information Commissioner (edoeb.admin.ch).

We take the security of your personal data seriously. For full details of our security practices, see our Security Policy. In summary:

• All data in transit is encrypted using TLS 1.2 or higher.
• Data at rest is encrypted using AES-256.
• We maintain a SOC 2 Type II audit programme conducted annually by an accredited third-party auditor.
• Access to production systems is restricted to authorised personnel via multi-factor authentication.
• We conduct regular penetration tests and vulnerability assessments.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and will notify affected individuals without undue delay, in accordance with GDPR Articles 33–34. To report a security vulnerability, contact support@verifox.ai.

We use cookies and similar tracking technologies on our website and platform. For full details, including how to manage your preferences, see our Cookie Policy.

In summary, we use: (a) strictly necessary cookies required for the platform to function, (b) analytics cookies to understand how users interact with our services, and (c) preference cookies to remember your settings. We do not use third-party advertising or behavioural tracking cookies.

Verifox is a B2B platform intended for use by businesses and professionals. We do not knowingly collect personal data from individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). If we become aware that we have inadvertently collected personal data from a minor, we will delete it promptly. If you believe a minor has provided us with personal data, please contact support@verifox.ai.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (using the address associated with your account) and by posting a prominent notice on our website at least 14 days before the changes take effect. The "Last Updated" date at the top of this page reflects the date of the most recent revision.

Your continued use of the Verifox platform after the effective date of any changes constitutes your acceptance of the revised policy. If you do not agree with any changes, you may close your account before the changes take effect.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• General privacy inquiries: support@verifox.ai
• EU/EEA DPO: support@verifox.ai — Verifox EU B.V., Herengracht 282, 1016 BX Amsterdam, Netherlands
• Legal matters: support@verifox.ai
• Security issues: support@verifox.ai
• Postal address: Verifox, Inc., 548 Market St PMB 12345, San Francisco, CA 94104, USA