Skip to content
Back to Home

Privacy Policy

Last updated: March 27, 2026

PricklyMails is committed to protecting your privacy. This policy explains what data we collect, how we use it, and the choices you have. We believe in transparency and data minimalism: we collect only what is strictly necessary to provide the service.

Data Controller

The data controller is Hugo Deltour, operating as PricklyMails. For any data-related inquiries, contact hugodeltour.pro@gmail.com.

Data We Collect

We collect the following categories of data:

  • Email verification data: Email addresses submitted for verification are processed in memory, verified, and immediately discarded. No verified email address is ever stored. Only irreversible hashes of domain names are retained for aggregate statistics.
  • Account data: When you create an account, we store your email address (for authentication) and a hashed version of your password (Argon2id). We never store passwords in plain text.
  • Usage data: API call counts, credit consumption, and error rates for billing and service monitoring. No email content is included in usage logs.
  • Waitlist data: If you join our waitlist, we store your email address and the date you signed up so we can notify you when the service launches.

How We Use Your Data

  • Provide, maintain, and improve the email verification service.
  • Process billing, manage your account, and enforce usage limits.
  • Send transactional emails (account confirmation, waitlist updates, billing receipts).
  • Prevent abuse, fraud, and unauthorized access to the service.

Data Retention

Email verification data: zero retention. Emails pass through the verification pipeline and are immediately discarded. Only irreversible hashes of domain names are kept for aggregate statistics.

Account data: retained for as long as your account is active. Upon account deletion, all personal data is permanently removed within 30 days.

Security

We implement industry-standard security measures to protect your data:

  • Passwords hashed with Argon2id (OWASP recommended parameters).
  • All data transmitted over TLS encryption.
  • Infrastructure runs in isolated, non-root containers with resource limits.
  • Sensitive configuration values managed with zeroing-on-drop secret storage:secrets are never logged or exposed in stack traces.

Third-Party Services

PricklyMails infrastructure is hosted entirely within the European Union. We use third-party services only for infrastructure hosting, DNS, and payment processing. We do not sell, share, or provide your data to any third party for marketing or advertising purposes. For the current list of subprocessors, contact us at hugodeltour.pro@gmail.com.

Cookies

PricklyMails uses only strictly functional cookies: authentication and session cookies for secure access, and preference cookies for storing your locale and theme settings. We do not use tracking cookies, analytics cookies, or any third-party advertising cookies.

Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate personal data.
  • Request deletion of your personal data (right to be forgotten).
  • Receive your data in a portable, machine-readable format.
  • Object to processing of your personal data.

To exercise any of these rights, contact us at hugodeltour.pro@gmail.com. We will respond within 30 days.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated date. Continued use of the service after changes constitutes acceptance of the revised policy.

Contact

For any privacy-related questions or concerns, contact Hugo Deltour at hugodeltour.pro@gmail.com.