Privacy Policy

Effective date: 01/07/2026
Last updated: 01/07/2026

1. Who we are

EmailSleuth (“EmailSleuth”, “we”, “us”) is a spam-detection service for website forms, operated by Caspar de Roij, trading as “Email Sleuth” (ABN 78743223667), a sole trader based in Australia. We are the entity responsible for the personal information described in this policy, except where we act as a processor on behalf of our customers (see section 5).

Questions or requests about this policy or your personal information can be sent to [email protected].

2. Scope

This policy covers the EmailSleuth website, dashboard (account.emailsleuth.co), API, and WordPress plugin (together, the “Service”). It explains what we collect, why, who we share it with, how long we keep it, and the rights you have.

3. Information We Collect

Account information

When you create an account we collect your email address, and optionally your name and company name. Authentication is handled by Supabase Auth using Google sign-in or a one-time email link — we do not store passwords.

Data you submit for checking

The core function of the Service is to inspect email addresses submitted through your website forms. For each check we process the email address, and optionally the message content and form context you send us, in order to return a verdict. This data may relate to your website visitors — third parties whose personal information you are responsible for (see section 5).

Usage and technical information

We record check results, timestamps, the originating website domain, credit usage, and limited technical data (such as IP address for rate-limiting and abuse prevention). We keep anonymous, aggregated counters (for example, daily totals) that are not linked to individual email records.

Billing information

Payments are processed by Stripe. We do NOT collect or store your full card details — Stripe does. We retain your plan, subscription status, and a Stripe customer reference.

Support communications

If you contact support, we (and our helpdesk provider, Help Scout) process the content of your messages and your contact details to respond.

4. How We Use Your Information

  • To provide the Service — validating emails, returning verdicts, and showing your history.
  • To meter usage, process payments, and manage your subscription and credits.
  • To secure the Service — rate-limiting, fraud and abuse prevention, and debugging.
  • To provide support and respond to your requests.
  • To send you service and, where you have consented, product/marketing emails.

Where the GDPR or similar laws apply, our legal bases are: performance of a contract (providing the Service), legitimate interests (security, fraud prevention, and
improving the Service), consent (marketing email, which you can wil obligations (e.g. tax records).

5. Our Role — Controller And Processor

We are the controller of your account, billing, and usage information. For the email addresses and message content you submit for checking, those relate to your website visitors — you are the controller of that data, and we act it only to perform the checks you request and on your instructions. If you require a Data Processing Agreement, contact us at [email protected]. You are responsible for having a lawful basis to submit third parties’ personal information to us.

6. Who We Share It With (Subprocessors)

We do not sell your personal information, and we never share or pool data between customers. We use the following trusted providers to run the Service:

  • Supabase — Database & authentication — United States
  • Upstash (Redis) — Caching & rate-limiting — United States
  • MillionVerifier — Email mailbox verification — European Union
  • Stripe — Payments & billing — United States / global
  • Resend — Transactional & email delivery — United States
  • Sentry — Error monitoring (PII-scrubbed) — United States
  • Help Scout — Customer support & help center — United States
  • Fly.io / Vercel — Application hosting — United States

We may also disclose information if required by law, to protect outh a business transfer.

7. International Data Transfers

We are based in Australia, most of our providers are in the United States, and mailbox verification is performed in the European Union. This means your information (and the email addresses you submit) is transferred and processed on our providers’ contractual safeguards (such as Standard Contractual Clauses where applicable) to protect data in transit and at rest.

8. How Long We Keep It

Check history (the email addresses and content you submit) is reta and then permanently deleted. You can change this window or clearyour history at any time from your dashboard. Anonymous, aggregated statistics are kept indefinitely, as they are not linked to individual people. Account and billing records are retained for as long as your account is actived tax purposes.

9. Your Rights

You can, at any time:

  • Access your account data and export your check history from the
  • Correct your name and company details in Settings.
  • Delete your check history, or close your account entirely (which revokes your keys, and erases your data).
  • Withdraw consent to marketing email via Settings or the unsubscribe link.

Depending on your location you may also have rights under the GDPR, the CCPA, or the Australian Privacy Act (including the right to lodge a complaint with the Office of the Australian Information Commissioner, OAIC). To exercise any right, email [email protected].

10. Cookies & Similar Technologies

We use essential cookies to keep you signed in (set by Supabase Auth). Our support widget (Help Scout Beacon) may set cookies to operate. We do not currently use advertising cookies.

11. Security

We protect your information with encryption in transit, hashed API keys, access controls, PII scrubbing in our error monitoring, and per-customer data isolation.

No system is perfectly secure, but we take reasonable steps to protect your data.

12. Children

The Service is not intended for anyone under 16, and we do not knowingly collect their personal information.

13. Changes To This Policy

We may update this policy from time to time. Material changes will be notified via the dashboard or by email, and the “Last updated” date above will change.

14. Contact

Caspar de Roij trading as Email Sleuth · ABN 78743223667 · [email protected]