BreachVisorTerms of Service

Privacy Policy

Last updated: June 10, 2026

1. What we collect

Account data: name, email, password (hashed — we can never read it).

Service data: the company domains and employee email addresses you register for monitoring, and the breach metadata we find about them (breach name, date, types of data exposed).

Free check data: the email address you submit to the free breach check, and the result summary.

Usage data: standard server logs, email engagement (whether our emails were opened or clicked), and website analytics via Google Analytics and the Meta (Facebook) pixel (pages visited, approximate location, device type, and advertising measurement — used solely to improve the product and our marketing). We never send your email address or any personal identifier to advertising networks.

Payment data: handled entirely by Stripe. We never see or store your card number.

2. What we never store

We never store leaked passwords, password hashes, or any leaked secret itself — only the fact that a password was exposed in a given breach. This is a deliberate design decision.

3. How we use data

To run the monitoring service and send you security alerts.

To send service emails (alerts, receipts, account notices) and, for free-check users, a short educational email sequence — every marketing email contains a one-click unsubscribe link, honored immediately (CAN-SPAM compliant).

We do not sell, rent, or share your data with third parties for their marketing. Ever.

4. Who we share it with

Only the processors needed to run the service: Stripe (payments), Resend (email delivery), Google Analytics and Meta/Facebook (anonymous website usage statistics and ad measurement — no email or PII sent), our cloud infrastructure provider (hosting), and breach-data providers we query (they receive the identifiers needed to perform the search).

5. Security

Data is encrypted in transit (TLS) and at rest. Access to production systems is restricted and logged. Passwords are hashed with modern algorithms. If we ever experience a breach affecting your data, we will notify you without undue delay.

6. Retention & deletion

Account and monitoring data is kept while your account is active and deleted within 90 days of account closure. Free-check data is kept up to 12 months. Email support@breachvisor.com anytime to request deletion of your data.

7. Contact

BreachVisor is operated by TCQB. For any privacy question or request: support@breachvisor.com.