Privacy Policy

1. Purpose

This Privacy Policy (the "Privacy Policy") is provided by Netrows Labs SL, NIF: B26747097, registered office at CL Venda des Cap 1796 3, 07860 Formentera, Illes Balears, Spain (the "Company").

This Privacy Policy illustrates the commitment of the Company with regard to respecting your privacy and protecting your personal data from the following website: https://emailfinder.dev/ (the "Site").

The Site notably allows you to: Have detailed information about the operations of emailfinder.dev; Obtain information on the pricing of the emailfinder.dev service; Have access to API documentation; Have access to a support service; Have access to a dashboard; Create an account and a user space; Access professional email addresses through our API.

For any questions about this Privacy Policy and the processing of your personal data, you can contact the Company at the following email address: privacy@emailfinder.dev or at the registered office postal address.

2. Processing of Your Personal Data

2.1. Description of the processing of your personal data

The main purpose of collecting your personal data is to offer you a safe, optimal, efficient and personalized experience. To this end, you agree that we may use your personal data to: provide our services and facilitate execution, including verifications concerning you; resolve any issues to improve the use of our Site and our services; personalize, evaluate and improve our services, content and materials; analyze the volume and history of your use of our services; prevent, detect and investigate potentially prohibited, illegal or contrary to good practices activities and ensure compliance with our Terms of Service; comply with legal and regulatory obligations.

We use personal data submitted to us only in compliance with applicable data protection laws.

For our customers who have registered on our Site, we process your personal data for the performance of the contract concluded between us for the provision of our services.

In accordance with current laws and regulations, the Company, acting as the data controller, collects some of your personal data during your visit to the Site: Email address; First and last name; Company name; Login credentials; Password (encrypted); Country; Bank details (processed by Stripe, not stored by us).

When using our services, the following data is collected and managed: API usage logs and statistics; Credit purchase history; Support messages.

When you connect to the Site, the Company also collects the following personal data: Your connection logs; Your IP address; Your browser and device information.

The submitted data must not include sensitive personal data, such as government identifiers (i.e. social security numbers, driver's license or taxpayer identification numbers), full credit card or personal bank account numbers, medical records, or details related to requests for care or treatment associated with individuals.

Data Processing Table — Purpose: Reception and management of contact requests | Legal Basis: Based on your consent | Retention Period: Until consent is withdrawn or 3 years from last contact.

Purpose: Management of data subject rights requests | Legal Basis: Necessary to respond to your requests | Retention Period: Up to 1 year from your request.

Purpose: Payment processing | Legal Basis: Execution of contractual relationship | Retention Period: 13–15 months for card details (processed by Stripe).

Purpose: Account management and API access | Legal Basis: Execution of contractual relationship | Retention Period: Duration of contract + 5 years.

Purpose: Customer support and service improvement | Legal Basis: Execution of contractual relationship | Retention Period: Duration of contract + 5 years.

Purpose: Fraud prevention and security | Legal Basis: Legitimate interest of the Company | Retention Period: 3 years from end of relationship.

Purpose: Legal and regulatory compliance | Legal Basis: Legal obligation | Retention Period: 5 years from end of relationship.

2.2. Recipients / Transfers of Your Personal Data

Access to your personal data is restricted to those individuals who need your personal data in order to fulfill the specific purpose of the processing. Your personal data may also be communicated by the Company to third parties: if the law or a legal procedure requires the Company to share your personal data; in response to the request of a public or judicial authority; when the Company considers that the transmission of your personal data is necessary or appropriate to ensure the safety of individuals or to protect the public.

Your personal data is transmitted to the following service providers: Supabase (Database and authentication — SOC 2 Type II certified); Vercel (Hosting and CDN — SOC 2 Type II certified); Stripe (Payment processor — PCI-DSS Level 1 certified).

Therefore, your personal data may be subject to transfer outside the European Economic Area to the United States. All service providers listed above have appropriate data transfer mechanisms in place.

The Company ensures a level of protection of your personal data identical to the level of protection provided by the application of the GDPR. We use Standard Contractual Clauses (SCCs) approved by the European Commission for all international data transfers. For more details, see our Data Processing Agreement.

2.3. Security

As part of its services, emailfinder.dev attaches the utmost importance to the security and integrity of its clients' personal data.

In accordance with the GDPR, emailfinder.dev shall take all relevant precautions to preserve the security of data and, in particular, to protect them against any accidental or unlawful destruction, accidental loss, corruption, circulation or unauthorized access, as well as against any other form of unlawful processing or disclosure to unauthorized persons.

emailfinder.dev implements industry-standard security measures including: TLS 1.3 encryption for all data in transit; AES-256 encryption for all data at rest; API keys hashed with bcrypt (never stored in plaintext); Row Level Security (RLS) in database; Regular security audits and updates.

Despite this, there is no absolute security. In the event that a security breach may affect you, emailfinder.dev shall inform you immediately and make its best efforts to take all possible measures to neutralize the intrusion and minimize the impacts.

For more details about our security measures, please see our Security Policy.

2.4. Your Rights Over Your Personal Data

You have the following rights over your personal data:

Rights of Access and Rectification — You can request access to your personal data. You can also request the rectification of your personal data that would be inaccurate or for your incomplete personal data to be completed. You also have the right to know the origin of your personal data.

Right to Erasure — You can request the deletion of your personal data when: Your personal data are no longer necessary for the purposes for which they were processed; You have chosen to withdraw your consent; You have objected to the processing of your personal data; Your personal data have been unlawfully processed; Your personal data must be erased to comply with a legal obligation. You can delete your account directly from your dashboard settings.

Right to Object — You can object to the processing of your personal data in compliance with the legal obligations imposed on the Company.

Right to Restriction — You can request the restriction of processing of your personal data if you contest the accuracy of your personal data, the Company no longer needs your personal data for processing purposes, or you have objected to the processing of your personal data.

Right to Portability — You can ask the Company to provide you with your personal data in a structured, commonly used, machine-readable format (JSON), or request that they be "ported" directly to another data controller.

Right to Withdraw Your Consent — You can withdraw your consent to the processing of your personal data at any time. The withdrawal of your consent only applies to the future and does not affect the lawfulness of processing carried out before your withdrawal.

Right to Lodge a Complaint — If you have concerns or complaints regarding the protection of your personal data, you have the right to file a complaint with your local data protection authority.

You can exercise the aforementioned rights by contacting us: via email at: privacy@emailfinder.dev or at the following postal address: Netrows Labs SL, CL Venda des Cap 1796 3, 07860 Formentera, Illes Balears, Spain.

To enable the Company to process your request as quickly as possible, please specify the subject and context in which your personal data were processed. In case of reasonable doubt about your identity, the Company may ask you to provide a valid copy of an identification document.

2.5. Third-Party Data

As part of the use of our services, namely professional email address discovery through our API, emailfinder.dev provides access to publicly available professional email addresses via SMTP verification and pattern matching.

Under no circumstances does emailfinder.dev sell, share or rent data to third parties for purposes other than those set out in this policy and our Terms of Service.

As the user of our API services, you are considered the data controller within the meaning of the GDPR, and emailfinder.dev acts as the data processor. In this capacity, you are responsible for: Complying with all applicable data protection regulations, including GDPR and CCPA; Ensuring you have a lawful basis for processing the personal data you obtain; Providing appropriate privacy notices to data subjects; Responding to data subject rights requests; Not using the data for unlawful purposes or spam.

For more details about data processing responsibilities, please see our Data Processing Agreement.

2.6. Cookies

emailfinder.dev uses only essential cookies that are strictly necessary for the website to function properly. We do not use any tracking, analytics, or advertising cookies.

Essential cookies we use: Authentication Cookies — Used by Supabase to maintain your login session; Security Cookies — Used by Cloudflare to protect against bots; Payment Cookies — Used by Stripe to securely process payments.

These cookies are essential for the website to work and cannot be disabled. For more details, see our Cookie Policy.

2.7. Storage Location and Data Transfers

The host servers on which emailfinder.dev processes and stores its databases are provided by Supabase (AWS infrastructure) and may be located in the United States or other regions.

All international data transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission.

emailfinder.dev will immediately inform you, to the extent legally permitted, of any request or order from an administrative or judicial authority concerning your personal data.

2.8. Language

This Privacy Policy is written in English. Should it be translated into one or more foreign languages, only the English version shall be deemed authoritative in the event of a dispute.

2.9. Privacy Policy Changes

emailfinder.dev reserves the right to update this privacy policy at any time, particularly in response to changes in applicable laws and regulations. Any changes will be notified to you via our website or by email, where possible, at least thirty (30) days before the changes take effect. We recommend that you check these rules from time to time to stay informed about our procedures and rules regarding your personal information.

3. Limitation of Liability

This Privacy Policy is provided for informational purposes. Any claims arising from or related to this Privacy Policy, data processing, or data protection shall be subject to the liability limitations set forth in our Terms of Service, including but not limited to the liability cap and exclusion of indirect, consequential, and punitive damages.

In particular, emailfinder.dev's liability for any claims related to data processing, data breaches, or privacy violations shall not exceed the greater of (i) €10,000 or (ii) the total amount paid by Customer to emailfinder.dev in the twelve (12) months preceding the event giving rise to the liability claim, as set forth in Section 13.5 of the Terms of Service.

For the avoidance of doubt, the liability limitations in the Terms of Service apply to all claims, whether arising under contract, tort, or otherwise, including claims related to data protection, privacy, or security.