Security

Last Update: April 2026

Email-Check.app is built to validate email data without turning that data into a marketing list, resale dataset, or unrelated product asset. We use layered controls to protect account access, API requests, billing data, and operational logs.

Security reviews

We review the application, infrastructure, dependencies, and operational controls regularly. Security reviews may include code review, dependency scanning, configuration review, access review, and targeted testing of exposed services. Enterprise customers can contact us for the current security questionnaire and review materials available for their procurement process.

How validation data is handled

• Validation requests are processed to return syntax, domain, MX, SMTP, and risk signals.
• We avoid retaining raw submitted email addresses longer than needed to provide and secure the service.
• Operational logs are limited to diagnostics, abuse prevention, billing, and reliability needs.
• Access to production systems is restricted to authorized team members with a business need.

Deleting account and removing data

You can request account deletion and removal of associated personal data. Some records may be retained only when needed for security, billing, fraud prevention, legal obligations, or dispute handling. Learn more here.

Technical controls

• Modern TLS is used for data in transit between browsers, customers, and our services.
• Managed infrastructure encryption is used for storage where supported by the platform.
• Infrastructure as code: all our infrastructure services are deployed using declarative configuration, and infrastructure changes are versioned.
• Code changes are reviewed before production release.
• Dependencies and runtime services are monitored for known vulnerabilities and patched based on severity.
• API keys can be revoked and rotated from the account area.

Security contact

Please send security questions or vulnerability disclosures to security@email-check.app