Introduction
VetoBounce ("we", "our", or "us") is committed to protecting your privacy and ensuring GDPR compliance. This Privacy Policy explains how we collect, use, process, and protect your personal data when you use our email verification and discovery services.
Legal Basis for Processing
We process personal data under the following legal bases as defined by GDPR Article 6(1):
- Legitimate Interest (Article 6(1)(f)): We process email addresses and related data as necessary for our legitimate business interest in providing email verification and discovery services. This processing is essential to our business model and reasonably expected by our customers.
- Contractual Necessity (Article 6(1)(b)): Processing is necessary to fulfill our contractual obligations to provide you with our services.
- Consent (Article 6(1)(a)): Where required, we obtain your explicit consent before processing certain types of data.
Data We Collect
Account Information
- Name and email address
- Password (encrypted)
- Billing information (processed by third-party payment providers)
- Account activity and usage statistics
Processing Data (Uploaded by You)
- Email addresses for verification
- Contact information (names, domains) for email discovery
- Uploaded CSV/Excel files
- API request data
Technical Data
- IP addresses
- Browser type and version
- Device information
- API usage logs
How We Use Your Data
- Service Delivery: To verify email addresses and discover professional email patterns as requested
- Account Management: To maintain your account and provide customer support
- Billing: To process payments and maintain transaction records
- Service Improvement: To analyze usage patterns and improve our platform (anonymized data only)
- Security: To detect and prevent fraud, abuse, and security threats
- Legal Compliance: To comply with applicable laws and regulations
Data Retention & Auto-Deletion
We take data minimization seriously and automatically delete processed data:
- Job Results: Automatically deleted 30 days after job completion
- Uploaded Files: Deleted immediately after processing is complete
- Account Data: Retained while your account is active, deleted upon account closure
- Transaction Records: Retained for 7 years for accounting and tax compliance (anonymized where possible)
- Logs: Technical logs retained for 90 days for security and troubleshooting
Our automated deletion system runs daily to ensure compliance with our retention policy. You can request immediate deletion of your data at any time (see Your Rights section below).
Data Sharing & Third Parties
We do not sell your personal data. We only share data with:
- Payment Processors: To process credit purchases (they have their own privacy policies)
- Cloud Infrastructure: Our hosting and database providers process data on our behalf under strict data processing agreements
- Legal Authorities: When required by law or to protect our legal rights
All third-party processors are GDPR-compliant and bound by data processing agreements.
Your Rights Under GDPR
As a data subject, you have the following rights:
Right to Access
Request a copy of all personal data we hold about you
Right to Rectification
Correct inaccurate or incomplete personal data
Right to Erasure
Request deletion of your personal data ("right to be forgotten")
Right to Restrict Processing
Limit how we process your data under certain circumstances
Right to Data Portability
Receive your data in a machine-readable format
Right to Object
Object to processing based on legitimate interests
To exercise any of these rights, contact us at privacy@vetobounce.com We will respond within 30 days as required by GDPR.
Data Security
We implement industry-standard security measures to protect your data:
- SSL/TLS encryption for all data in transit
- AES-256 encryption for data at rest
- Regular security audits and penetration testing
- Access controls and authentication (API keys, IP whitelisting)
- Secure data centers with physical security measures
- Regular backups with encrypted storage
- Employee training on data protection and privacy
International Data Transfers
Our servers are located in [EU/US - specify your location]. If we transfer data outside the EU, we ensure adequate protection through:
- EU Standard Contractual Clauses (SCCs)
- Data Processing Agreements with all processors
- Adherence to EU-US Privacy Shield principles (where applicable)
Cookies & Tracking
We use essential cookies for:
- Authentication and session management
- Remembering your preferences
- Security and fraud prevention
We do not use advertising or tracking cookies. Analytics are performed with anonymized data only.
Children's Privacy
Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify affected users within 72 hours
- Report to relevant supervisory authorities as required
- Provide clear information about the breach and recommended actions
- Take immediate steps to mitigate the breach
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on our platform. Continued use of our services after changes indicates acceptance of the updated policy.
Supervisory Authority
If you believe we are not complying with GDPR or your data protection rights, you have the right to lodge a complaint with your local data protection authority.
For EU users, you can find your supervisory authority at: https://edpb.europa.eu/about-edpb/board/members_en
Contact Us
For privacy-related questions, data requests, or to exercise your rights: