Privacy Policy
Last updated · May 2026
This policy explains what ZenVerifier ("we", "us") collects from people who use the product, why we collect it, how long we keep it, and what choices you have. We are the data controller for personal data you provide to us when you create an account or upload a list.
What we collect
- Account data: name, work email, the workspace you create, and any preferences (notification opt-ins, plan).
- Verification lists: the email addresses in CSVs you upload or paste, plus the verification result we receive back from our processor.
- Billing data: Stripe handles your card details; we never see them. We store the Stripe customer / subscription IDs and the line items on your invoice.
- Operational metadata: timestamps, IP address at request time, browser user-agent — used for rate-limiting, fraud signals, and debugging.
What we don’t collect
- Card numbers, CVVs, or bank details. Stripe processes payments; we receive only an opaque customer ID.
- Behavioural data from third-party tracking pixels. We don’t run Facebook Pixel, LinkedIn Insight, or similar.
- Contents of your contacts beyond their email address. We don’t parse names, phone numbers, or other PII from CSVs we don’t need.
Why we collect it
We collect what we need to deliver the verification service, bill you correctly, prevent abuse, and respond to support requests. That’s the entire scope. We do not sell, rent, or share your data with advertisers, brokers, or unaffiliated third parties.
How long we keep it
| Type | Retention |
|---|---|
| Uploaded verification lists | Auto-deleted 30 days after upload (enforced by daily cron). On-demand delete anytime. |
| Single email checks (cache) | Kept indefinitely as a cache so re-checking the same address is free for you. Deletable on request. |
| Account + workspace data | Kept until you delete your workspace, or 12 months after your last activity. |
| Billing records | 7 years (legal requirement for tax records). |
| Audit logs | 2 years. |
Where it’s stored
Our application servers and database run on Vercel (US/EU). Verification processing runs on a GDPR-compliant verification engine in the EU. Transactional email is sent via Resend. Authentication is handled by Clerk. Each of these is a separate sub-processor with its own SOC 2 / GDPR posture; the full list is in our Data Processing Addendum.
Sub-processors we share data with
See the DPA for the current list and what each one receives. We update it when we add or change a sub-processor; if you have an active contract, we notify you of material changes 30 days in advance.
Your rights
- Access: request a copy of everything we hold about you.
- Correction: fix anything inaccurate.
- Deletion: delete your account and associated data (some billing records are retained for legal reasons; we tell you what stays).
- Portability: export your data in CSV / JSON.
- Object: stop us from processing your data for any specific purpose; this may end your ability to use the product.
To exercise any of these rights, email privacy@zenverifier.com. We respond within 30 days.
Cookies
We set first-party cookies for authentication (issued by Clerk) and session continuity. We don’t use third-party advertising cookies. The marketing site renders without analytics scripts; product analytics, when added, will be first-party and disclosed here.
Children
ZenVerifier is a B2B product. We don’t knowingly collect data from children under 16. If you believe a child has provided us with information, contact us and we’ll delete it.
Changes to this policy
We’ll update this page when our practices change and bump the "Last updated" date. Material changes (new sub-processors, expanded data collection, retention changes) get notified to active accounts via email at least 30 days before they take effect.
Contact
Questions about this policy or how we handle your data: privacy@zenverifier.com.