Privacy Policy
Last Updated: July 9, 2025
1. Introduction
UserCheck is committed to protecting your privacy. This policy explains how we collect, use, and protect your information.
2. Our Role
- As Data Controller: When handling your account, billing, and support communications
- As Data Processor: When processing email addresses submitted through our API on behalf of our customers
3. Information We Collect
We collect two types of data:
- Account Data: Name, email address, and billing information for registered users
- Payment Information (via Paddle): we receive a transaction ID, billing country, and the last four digits of your card. Full card data is handled exclusively by Paddle.com Market Limited.
- API Data: Email addresses and domains submitted for validation, along with IP addresses, user agents, and timestamps for security and debugging
4. How We Use Your Information
Purpose |
Legal Basis |
Providing API services |
Contract |
Security and fraud prevention |
Legitimate interest |
Marketing (if opted-in) |
Consent |
5. Cookies
We use essential cookies for session management and Fathom Analytics for privacy-friendly website analytics (no cookies required).
6. Data Sharing
We use carefully selected third-party services to operate UserCheck. See our current subprocessor list.
7. International Transfers
Data is primarily stored in the EU (AWS eu-west-1). When data is transferred outside the EU, we rely on Standard Contractual Clauses (SCCs) to ensure protection.
8. Security
Data is encrypted in transit via TLS 1.3 and encrypted at rest by our database provider, PlanetScale (SOC 2 Type 2).
9. Data Retention
- API logs: Retained in raw form for 90 days, then anonymized and kept for service analytics.
- Backups: Purged within 90 days
- Billing records: Paddle stores full payment details in accordance with tax law; we keep invoices and minimal transaction metadata for 7 years.
- Account data: Kept while account is active
10. Your Rights
Under GDPR, you have rights to:
- Access your data
- Correct inaccuracies
- Delete your data
- Restrict processing
- Data portability
- Object to processing
Contact [email protected] to exercise these rights.
11. Children's Privacy
Our services are not for children under:
- 16 in the EEA, UK, and Switzerland
- 13 in the US and other jurisdictions
We don't knowingly collect data from children below these ages.
12. Data Breach Notification
See Data Processing Agreement Section 6 for breach notification procedures.
13. Changes to This Policy
We review this policy annually and will notify registered users via email of any material changes.
14. Contact Information
15. EU Representative
Unicycle OÜ
Lõõtsa tn 2a, 11415 Tallinn, Estonia
Email: [email protected]