Last updated: 10 May 2026 · Effective immediately
MailGuard is built to be privacy-respecting by design. We collect the minimum data necessary to run the service, store it in India, and never sell it.
We collect information you provide directly when you create an account — including your name, email address, and payment information. When you use MailGuard to verify email addresses, we log those verifications along with the result, timestamp, and your account ID. We also collect standard server logs including IP addresses and browser type for security and debugging purposes.
We use your information to provide the email verification service, process payments, generate GST invoices, send service-related communications (credit alerts, usage reports), and improve the product. We do not sell your personal information or the email addresses you verify to any third party.
All data is stored on servers located in India (Supabase Mumbai region and Hetzner Falkenstein for compute). We do not transfer your personal data outside India except as required to process payments via Razorpay, which is an Indian company and DPDP-compliant.
Email addresses submitted for verification are processed in real-time and cached for up to 30 days to improve performance and reduce your credit usage. These addresses are stored encrypted at rest and are not shared with third parties. Verified email data is associated with your account for your usage history and analytics.
We use essential cookies for authentication (Firebase Auth session tokens). We do not use advertising cookies or third-party tracking pixels. We do not use Google Analytics or any behavioural tracking service. Our analytics are limited to aggregate usage metrics on our own infrastructure.
API keys are stored as SHA-256 hashes — we cannot recover your raw key if lost. You are responsible for keeping your API keys secure. Do not expose them in client-side code or public repositories. You can revoke and regenerate keys at any time from your dashboard.
Verification logs are retained for 12 months from the date of the check. Account data is retained for the duration of your account. On account deletion, all personal data and verification history is permanently deleted within 30 days. Cached verification results are retained for up to 30 days regardless of account status.
Under India's Digital Personal Data Protection Act 2023, you have the right to access your personal data, correct inaccurate data, erase your data (right to be forgotten), and nominate a representative to exercise these rights. To exercise any of these rights, email privacy@mailguard.in with your request. We will respond within 30 days.
For privacy-related queries, email privacy@mailguard.in. For general support, email support@mailguard.in. Our registered address is available on request.