Legal

Privacy Policy

Last updated: May 2026

What we collect

When you create an account, we collect your company name, work email address, and a hashed password. We do not store plain-text passwords.

When you use the free audit tool, we collect the domain or email address you audit. If you request a follow-up report, we store your email address to deliver the report.

We collect standard server logs (IP address, browser type, pages visited) for security and operational purposes. These are retained for 30 days.

How we use your data

We use your domain to run monitoring scans across our data sources. We use your email address to send you alerts when new exposures are detected, and to deliver reports you request.

We do not sell your data to third parties. We do not use your data for advertising. We do not share your scan results with any party other than you.

Email audit privacy guardrail

The free email audit at /audit sends the full report only to the audited address. We do not forward email audit results to any other destination. This is enforced server-side and cannot be overridden.

Data sources

Breachrr aggregates data from multiple third-party breach databases, infostealer intelligence feeds, public code repositories, and domain infrastructure records. We do not store the underlying breach data — we query it at scan time and return results to you.

Among our data sources is data provided by LeakCheck. See our Legal & attributions page for full details.

Data retention

Account data is retained for the duration of your subscription plus 90 days after cancellation, then permanently deleted.

Audit lead data (domains and emails submitted through the free audit) is retained for 12 months for analytics purposes, then deleted.

Your rights

You may request deletion of your account and associated data at any time by emailing breachrr@outlook.com. We will process deletion requests within 30 days.

If you are in the European Economic Area, you have the right to access, rectify, or erase your personal data, and to object to or restrict its processing. Contact us to exercise these rights.

Security

All data is transmitted over TLS. Passwords are hashed using bcrypt. We do not store payment card data — payments are processed by Paystack and subject to their security standards.

Contact

Questions about this policy: breachrr@outlook.com