Privacy — DisposableGuard

What we collect

When you call the API:

• • Domain only (e.g. mailinator.com). We extract the domain from the email you send and drop the local part. The full email never hits disk.
• • The verdict (is_disposable true/false).
• • Your API key ID, so we can attribute usage for billing.
• • IP address, for rate-limiting and country-level analytics (no precise geolocation).
• • User-Agent and Referer (when present), for traffic analytics.

When you sign up:

• • Email address, name, password (hashed via NextAuth).
• • Stripe customer ID (for paid plans).

What we do NOT collect

• • The full email addresses you check via the API.
• • The content of any messages.
• • Any per-user behavioral telemetry beyond the above.
• • Third-party trackers or pixels (no Google Analytics, no Hotjar, no Facebook Pixel).

Where the data lives

• • Application: self-contained Next.js deployment on Vercel.
• • Database: Upstash Redis for rate limiting and API key storage.
• • Payment processing: Stripe.

Contact

Reach the team at support@disposableguard.com.

Last updated: 2026.