# Privacy — CheckDisposable Email

> Plain English. No tracking pixels. We don't store full email addresses.

## What we collect

When you call the API:

- **Domain only** (e.g. `mailinator.com`). We extract the domain from the email you send and drop the local part. The full email never hits disk.
- The verdict (is_disposable true/false).
- Your API key ID, so we can attribute usage for billing.
- IP address, for rate-limiting and country-level analytics (no precise geolocation).
- User-Agent and Referer (when present), for traffic analytics.

When you sign up:

- Email address, name, password (hashed via Better Auth's scrypt).
- Stripe customer ID (for paid plans).

## What we do NOT collect

- The full email addresses you check via the API.
- The content of any messages.
- Any per-user behavioral telemetry beyond the above.
- Third-party trackers / pixels (no Google Analytics, no Hotjar, no Facebook Pixel).

## Where the data lives

- Application: self-hosted on a Hetzner CX23 box in Falkenstein, Germany (Hetzner FSN1).
- Database: Postgres on the same box.
- No third-party SaaS processors for primary data.
- Payment processing: Stripe (United States).
- Transactional email (signup verify, password reset): our own SMTP relay; never a third-party email API.

## Legal jurisdiction

All customer payments, support, and primary data processing are handled under US jurisdiction. Application data is stored in the EU (Falkenstein, Germany). Operating entity: **GrowMeOrganic LLC**, Sheridan, Wyoming, United States.

## Contact

Reach the team at `hello@checkdisposable.email`.

Last updated: 2026.