Privacy Policy
Last updated: June 13, 2026
Check Harbor ("Check Harbor", "we", "us", or "our") operates the data-validation API and console available at checkharbor.com. This Privacy Policy explains what data we collect, how we use it, and the choices you have. By creating an account or using the service you agree to this policy.
1. Who we are
Check Harbor provides a developer API for validating email addresses, phone numbers, and IP addresses, including a hosted web console and native macOS/iOS applications. For any privacy question, contact us at support@checkharbor.com.
2. Data we collect
Account data
When you sign up we collect your email address and an encrypted password hash. We never store your password in plain text. API keys are stored as hashes; the full key is shown to you only once at creation.
Validation input data
When you call the API you submit data to be validated — email addresses, phone numbers, and IP addresses. This data may belong to your end users. We process it solely to return a validation result to you. We do not sell it, build marketing profiles from it, or use it to train models.
Usage and technical data
We log request metadata (timestamp, endpoint, status code, credits consumed, originating IP) to operate the service, enforce rate limits, bill accurately, and detect abuse.
Payment data
Payments are processed by our payment provider, Creem, acting as merchant of record. We do not see or store your full card details. We receive only the transaction outcome (product purchased, amount, status) needed to grant credits.
3. How we use data
- To provide validation results and operate your account.
- To meter usage, deduct credits, and process payments.
- To send transactional email (verification, password reset, low-credit alerts).
- To secure the service, prevent fraud and abuse, and enforce our Terms.
- To comply with legal obligations.
We rely on the lawful bases of contract (to deliver the service you signed up for), legitimate interest (security, fraud prevention, service improvement), and legal obligation where applicable.
4. Data retention
We minimise retention of validation inputs:
- Single validation calls — the input is processed in memory and not persisted beyond short-lived caches required to return a result.
- Batch uploads — uploaded rows are held in a temporary store with a 7-day time-to-live and then automatically deleted; result files are available for download during that window only.
- Account and billing records — retained while your account is active and for as long as required by tax and accounting law.
When you delete your account, we cascade-delete your account data, keys, and usage records, except where retention is legally required.
5. Subprocessors
We share data with a small number of providers strictly to operate the service:
| Provider | Purpose |
|---|---|
| Creem | Payment processing (merchant of record) |
| Resend | Transactional email delivery |
| Telnyx | Phone (HLR) lookups, when premium validation is used |
| Hetzner | Application and database hosting (EU) |
| Cloudflare | DNS, CDN, and edge security |
6. International transfers
Our infrastructure is hosted in the European Union. Where data is transferred to providers outside your region, we rely on appropriate safeguards such as Standard Contractual Clauses.
7. Your rights
Depending on your jurisdiction (including the GDPR and the Turkish KVKK), you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can delete your account and data directly from the console, or contact support@checkharbor.com. We respond to verified requests within 30 days.
8. Cookies and local storage
The console uses local/secure storage to hold your session token so you stay signed in. We do not use third-party advertising or cross-site tracking cookies.
9. Security
We protect data with encryption in transit (TLS), hashed credentials and API keys, scoped access, and isolated infrastructure. No system is perfectly secure, but we work to safeguard your data and will notify affected users of any breach as required by law.
10. Children
Check Harbor is a developer tool not intended for individuals under 16. We do not knowingly collect data from children.
11. Changes
We may update this policy. Material changes will be reflected by the "Last updated" date above and, where appropriate, communicated by email.
Questions about this policy? Email support@checkharbor.com. See also our Terms of Service.