EmailVerify — Privacy Policy Last Updated: March 26, 2026 This Privacy Policy explains how EmailVerify ("we", "us", "our") collects, uses, stores, and shares personal data when you install or use the EmailVerify application ("App") on your Shopify-powered store. It also describes the rights available to you and how to exercise them. By installing or continuing to use the App, you acknowledge that you have read and understood this policy. --- 1. WHO WE ARE AND OUR ROLE EmailVerify is operated as a Shopify application. In the context of data protection law: - The Shopify merchant (store owner) who installs the App is the DATA CONTROLLER — the entity that determines why and how customer personal data is processed. - EmailVerify acts as a DATA PROCESSOR — we process personal data on behalf of the merchant, strictly to provide the App's email verification functionality. This distinction is important. As a merchant, you are responsible for ensuring your own use of verified data complies with applicable privacy and marketing laws. --- 2. DATA WE PROCESS When the App is installed and operational, we access and process the following categories of data: a) Customer email addresses — sourced from your Shopify store via the Shopify Admin API, used solely for the purpose of email verification. b) Store metadata — your Shopify shop domain and basic configuration data, used to identify and operate your App session. c) Verification results — the outcome of each email check (e.g. deliverable, risky, undeliverable), which are written back to your Shopify store as customer tags. d) Usage and session data — technical data collected when you use the App dashboard, including IP addresses, browser type, pages visited, and timestamps, collected via log files and third-party analytics tools (see Section 5). We do NOT collect payment information. All billing is managed by Shopify and governed by Shopify's own privacy policy. --- 3. LEGAL BASIS FOR PROCESSING (GDPR) If you are located in the European Economic Area or the United Kingdom, we process personal data on the following legal bases: - Contractual necessity (Article 6(1)(b)): Processing customer email addresses is necessary to deliver the email verification service you have contracted us to provide. - Legitimate interests (Article 6(1)(f)): We process technical usage data to maintain and improve the App, prevent fraud, and ensure security. Our legitimate interests do not override your fundamental rights. - Legal obligation (Article 6(1)(c)): We may process data when required to comply with applicable law or a valid legal order. - Consent (Article 6(1)(a)): Where we use analytics cookies or similar tracking technologies that require consent, we rely on your consent, which you may withdraw at any time. --- 4. HOW WE USE THE DATA We use the data described above exclusively to: - Operate the App and provide email verification results. - Write verification outcome tags back to your Shopify customers. - Maintain the security and integrity of the App. - Communicate with you regarding the App (service updates, important notices). - Improve App performance based on aggregated, anonymised usage patterns. We do NOT sell personal data. We do NOT use customer email addresses for any marketing or profiling purposes unrelated to the verification service. --- 5. THIRD-PARTY SUB-PROCESSORS To provide the verification service, we share customer email addresses with the following categories of sub-processors: a) Email verification providers — we use one or more third-party email verification services to process email addresses and return a deliverability result. These providers act as our sub-processors and are contractually bound to process data only for verification purposes and to maintain appropriate security measures. A current list of active verification sub-processors is available on request at support@emailverify.tools. b) Analytics and monitoring tools — we use the following tools on the App dashboard to understand usage and improve the service: - Google Analytics (Google LLC) — usage analytics; data may be processed in the United States under Google's standard contractual clauses. - Microsoft Clarity (Microsoft Corporation) — session recording and heatmaps; data may be processed in the United States under Microsoft's standard contractual clauses. - Smartlook (Smartlook.com, s.r.o.) — session recording; data may be processed in the EU and internationally under applicable safeguards. c) Infrastructure and hosting providers — we use cloud infrastructure providers to host the App and its database. These providers are bound by data processing agreements. d) Shopify — the App operates within the Shopify platform. Shopify independently processes data as described in Shopify's Privacy Policy (shopify.com/legal/privacy). All sub-processors are required to implement appropriate technical and organisational security measures and to process data only as instructed. --- 6. INTERNATIONAL DATA TRANSFERS We operate internationally and some of our sub-processors are located outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including: - Standard Contractual Clauses (SCCs) approved by the European Commission. - Adequacy decisions where applicable. You may request a copy of the applicable transfer mechanism by contacting us at support@emailverify.tools. --- 7. DATA RETENTION We retain personal data only for as long as necessary to fulfil the purposes described in this policy: - Customer email addresses and verification results: retained for as long as your store has the App installed. Upon uninstallation, data associated with your store is deleted or anonymised within 30 days, unless we are required by law to retain it longer. - Technical and usage logs: retained for up to 12 months, then deleted. - Billing records: retained for up to 7 years to comply with applicable tax and accounting obligations (processed by Shopify, not by us). --- 8. DATA SECURITY We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure, including: - Encrypted data transmission (TLS/HTTPS). - Access controls limiting data access to authorised personnel only. - Regular security reviews of our infrastructure. No system is completely secure. In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will notify affected parties and relevant supervisory authorities as required by applicable law. --- 9. YOUR RIGHTS Depending on your location, you may have the following rights regarding your personal data: European Economic Area and United Kingdom (GDPR / UK GDPR): - Right of access — to obtain a copy of the data we hold about you. - Right to rectification — to correct inaccurate data. - Right to erasure — to request deletion of your data where there is no legitimate reason to continue processing it. - Right to restriction — to limit how we process your data in certain circumstances. - Right to data portability — to receive your data in a structured, machine-readable format. - Right to object — to processing based on legitimate interests. - Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing. - Right to lodge a complaint — you have the right to lodge a complaint with your local data protection supervisory authority (e.g. the ICO in the UK, or your national DPA in the EU). California (CCPA / CPRA): - Right to know what personal information we collect, use, and disclose. - Right to delete personal information we hold about you. - Right to opt out of the sale or sharing of personal information. We do NOT sell or share personal information as defined by the CCPA. - Right to non-discrimination for exercising your privacy rights. To exercise any of these rights, contact us at support@emailverify.tools. We will respond within 30 days (or within the timeframe required by applicable law). --- 10. COOKIES AND TRACKING TECHNOLOGIES The App dashboard uses cookies and similar technologies for: - Essential functionality (session management, security). - Analytics and performance monitoring (Google Analytics, Microsoft Clarity, Smartlook). Where required by law, we will request your consent before placing non-essential cookies. You may withdraw consent or manage cookie preferences through your browser settings. Note that disabling certain cookies may affect App functionality. For more information on cookies, visit www.allaboutcookies.org. --- 11. CHILDREN'S PRIVACY The App is intended solely for use by businesses and their authorised personnel. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently collected such data, please contact us immediately at support@emailverify.tools. --- 12. CHANGES TO THIS POLICY We may update this policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this document and notify you via the App dashboard or email. Your continued use of the App after the effective date of the updated policy constitutes your acceptance of the changes. --- 13. CONTACT AND DATA PROTECTION ENQUIRIES For any questions, concerns, or data-related requests under this policy: Email: support@emailverify.tools Website: https://emailverify.tools We aim to respond to all enquiries within 30 days.