← Back to home

Privacy Policy

Last updated: March 25, 2026

1. What we collect

When you create an account, we collect your email address and name (if provided via OAuth). We use this information solely to authenticate you and manage your account.

When you use the API, we log the email domain only(e.g., "guerrillamail.com"), never the full email address. We also log the detection result, risk score, response time, and timestamp for analytics purposes.

2. What we do NOT collect

  • We never store the full email address submitted to our API
  • We never sell, share, or rent your data to third parties
  • We never use your data for advertising or marketing to third parties
  • We never track you across other websites

3. npm package

The open-source npm package (@isdisposable/js) runs entirely offline on your machine. It makes zero network requests. No data is sent to our servers or any third party. The domain list is bundled in the package.

4. API data processing

When you call our API, the request is processed in real time. We extract the domain from the email you submit, run our detection checks, and return the result. The full email is discarded immediately after domain extraction — it is never written to any database or log.

API logs (domain, result, score, response time) are stored to power your dashboard analytics. These logs are tied to your account and are deleted when you delete your account.

5. Authentication & OAuth

We use Supabase Auth for authentication. If you sign in with GitHub or Google, we receive your name and email from the OAuth provider. We do not access any other data from your GitHub or Google account (no repos, no contacts, no files).

6. Payments

Payments are processed by Polar.sh, which uses Stripe under the hood. We never see or store your credit card number, billing address, or other payment details. Polar handles all payment data in compliance with PCI DSS standards.

7. Cookies

We use only essential cookies required for authentication (session tokens). We do not use tracking cookies, analytics cookies, or any third-party cookies. No cookie consent banner needed — we simply don't track you.

8. Data retention & deletion

Your account data and API logs are retained for as long as your account is active. When you delete your account (available in Dashboard → Settings), all associated data is permanently deleted, including:

  • Your profile and authentication records
  • All API keys (immediately invalidated)
  • All check logs and analytics data
  • Custom blocklist/allowlist rules
  • Subscription information

9. Data hosting

Our application is hosted on Vercel. Our database is hosted on Supabase (AWS infrastructure). All data is encrypted in transit (TLS) and at rest.

10. Your rights

You have the right to:

  • Access all data we store about you (visible in your dashboard)
  • Export your data
  • Delete your account and all associated data at any time
  • Opt out of any optional communications

11. Changes to this policy

We may update this policy from time to time. If we make significant changes, we will notify you via email or a notice on our website. Continued use of the service after changes constitutes acceptance.

12. Contact

Questions about this policy? Reach out at junaidshaukat546@gmail.com.

© 2026 isDisposable
Terms of ServicePricingDocs