Privacy Policy

MailVerify is a trading name of Bruce Media Group Ltd ("we", "us", "our"), a company registered in England and Wales (Company No. 16061949). Our ICO registration number is ZC112021. Our registered address is available on Companies House.

We are the data controller for personal data you provide to us directly. Where you use our API to verify email addresses belonging to third parties, you are the data controller and we act as your data processor under a Data Processing Agreement (DPA).

We collect and process the following categories of data:

• Account data: name, email address, company name, and password hash when you register.
• Billing data: VAT number, billing address. Payment card details are handled solely by our payment processor (Stripe) — we never see or store raw card numbers.
• API usage data: API key identifiers (stored as SHA-256 hashes), request timestamps, verification results, and credit consumption.
• Email addresses you submit for verification via the API or dashboard.
• Technical data: IP addresses, browser type, and device information collected via logs.
• Communications: messages you send to our support team.

We use your data to:

• Provide, operate, and improve the MailVerify service.
• Authenticate your account and API requests.
• Process payments and manage your subscription.
• Send transactional emails (account creation, billing receipts, API key rotation alerts).
• Respond to support requests.
• Comply with legal obligations, including UK GDPR, HMRC requirements, and ICO obligations.
• Detect and prevent fraud, abuse, and misuse of the platform.

We do not use your email lists for any purpose other than performing the verification you requested. We do not sell, rent, or share your data with third parties for marketing.

• Contract: processing necessary to perform our contract with you (providing the service).
• Legitimate interests: fraud prevention, platform security, and improving service quality.
• Legal obligation: retaining records required by UK law.
• Consent: where we ask for it explicitly (e.g. marketing communications).

We retain account and billing data for 7 years after account closure to comply with HMRC requirements. We do not store verification addresses or results after a check completes: we use in-memory processing and a short-lived Redis job queue that is cleared once your result is delivered. We do not cache verification outcomes. Questions about personal data we hold about you (for example your account) can be sent to [email protected].

We do not build or retain lists of verified addresses.

All data is stored on servers physically located in the United Kingdom. We do not transfer personal data outside the UK or European Economic Area. Our infrastructure is hosted on UK-region cloud providers.

We share data with the following categories of sub-processors, all operating under GDPR-compliant agreements:

• Stripe Inc. — payment processing (UK/EU data centres).
• Infrastructure and hosting providers — UK region only.
• Email delivery provider — transactional emails only.

We may disclose data if required by law, court order, or a lawful request from a UK regulatory authority.

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate data.
• Erasure (“right to be forgotten”) — subject to legal retention requirements.
• Restrict or object to processing.
• Data portability.
• Withdraw consent at any time (where processing is consent-based).
• Lodge a complaint with the ICO at ico.org.uk.

To exercise any right, email [email protected]. We will respond within 30 days.

We use only essential cookies required for authentication sessions. See our Cookie Policy for details.

We employ industry-standard security measures including encryption in transit (TLS 1.2+), hashed API keys, and regular security audits. See our Security page for details.

For privacy queries or to exercise your rights, contact us at [email protected]. If you are not satisfied with our response you have the right to complain to the Information Commissioner's Office.