Security & compliance
We treat the lists you verify as sensitive data. This page summarizes how that data is handled.
Data handling
Section titled “Data handling”- In transit: all API and dashboard traffic is served over HTTPS/TLS.
- At rest: uploaded lists and results are encrypted at rest.
- Retention: verification data is retained for
[retention period]and can be deleted on request. Bulk files can be removed from the dashboard at any time. - We don’t sell your data or use your lists to build shared databases.
Access control
Section titled “Access control”- Scope access with per-environment API keys and team roles.
- Rotate or revoke keys immediately if one is exposed.
- Use the publishable widget key (not your secret key) in any browser code.
Compliance
Section titled “Compliance”VerifyMaill is built to support [GDPR / applicable] obligations. A Data
Processing Agreement (DPA) is available on request.
For a DPA, security questionnaire, or details of current certifications, contact team@verifymaill.com.
Reporting a vulnerability
Section titled “Reporting a vulnerability”Found a security issue? Please email team@verifymaill.com with details so we can investigate. Please don’t disclose it publicly until we’ve had a chance to respond.