OptimaVerifier
Legal

Privacy policy.

EFFECTIVE MAY 12, 2026

This policy explains what personal data OptimaVerifier collects, why we collect it, how we use and share it, and the rights you have over it. We use plain language wherever we can.

1. Who we are

Elka Technology Group LLC, trading as “OptimaVerifier”, is the controller of personal data processed about you when you use our Service. You can contact us at privacy@optimaverifier.com.

We use Paddle.com Market Limitedas our Merchant of Record for paid subscriptions. Paddle acts as a separate controller for billing-related personal data (name, billing address, payment instrument). See Paddle’s privacy policy for details.

2. Data we collect

From you

  • Account data — your name, email address, and password hash.
  • Billing data— collected and stored by Paddle on our behalf; we receive a token plus invoice metadata (plan, cycle, country for tax).
  • Verification inputs— the email addresses (and any optional accompanying columns) you submit to our verification engine.
  • Support correspondence — the content of any messages you send us.

Automatically

  • Usage data— the routes you visit, the API endpoints you call, response codes, and approximate timings; used to debug and improve the Service.
  • Device data— browser, operating system, IP address, language; used for security, fraud detection, and aggregate analytics.
  • Cookies— a small number of strictly necessary cookies for authentication; we do not use third-party advertising cookies.

3. Why we use it

  • To deliver the Service— perform email verification, return results, store job history at your request.
  • To bill you— process subscriptions, send invoices, calculate taxes (via Paddle).
  • To secure the Service— detect abuse, enforce acceptable-use rules, investigate incidents.
  • To communicate— service notices, billing notices, and (only if you opted in) product updates.
  • To comply — satisfy our legal obligations (tax, accounting, lawful requests).

4. US state privacy laws

We are based in the United States and operate under US federal law and applicable state privacy laws. Depending on your state of residence — for example under the Colorado Privacy Act (CPA), the California Consumer Privacy Act(as amended by the CPRA), or comparable laws in Virginia, Connecticut, and other states — you may have specific rights over your personal information, which we describe in Section 8.

For the personal information described in Section 2 we act as a “business” (or “controller”) under these laws. We do not sell your personal information, and we do not share it for cross-context behavioral (targeted) advertising. We do not use or disclose sensitive personal information for purposes that would require you to have a right to limit that use.

5. Sharing

We share personal data only with:

  • Paddle — for payment processing, invoicing, and tax compliance.
  • Cloud infrastructure providers— to host the Service. They process data only on our written instructions.
  • Authorities— if we are required to disclose by law, but we will challenge requests that we believe are overbroad.

We do not sell personal data. We do not share it with advertising networks.

6. Retention

  • Account data— until you delete your account, then up to 30 days in backups before full erasure.
  • Verification inputs and results— retained for the period you choose in your workspace settings (default: 30 days), then deleted.
  • Billing records — up to 7 years to meet accounting and tax obligations.
  • Logs — up to 90 days for security and debugging.

7. Where we process data

We process and store data in the United States, where our infrastructure and service providers are located. If you access the Service from outside the United States, you understand that your information will be processed in the US, which may have different data protection rules than your home country. Where we receive personal data from the UK or EEA, we rely on an appropriate transfer mechanism (such as the EU Standard Contractual Clauses or the UK Addendum) together with supplementary measures where required.

8. Your rights

Depending on where you live, you may have the right to:

  • Know / access— the personal information we have collected about you and how we use and share it;
  • Correct — inaccurate personal information we hold about you;
  • Delete— the personal information we hold about you (subject to legal retention requirements);
  • Data portability — receive a copy of your data in a portable format;
  • Opt out— of any sale of personal information, targeted advertising, or profiling that produces legal or similarly significant effects (note: we do none of these);
  • Non-discrimination— we will not deny service, charge a different price, or provide a lesser quality of service because you exercised a privacy right.

To exercise any of these rights, email privacy@optimaverifier.com. We will verify your request and respond within the timeframe required by your state’s law (generally 45 days, extendable once where permitted).

Appeals. If we decline your request, you may appeal by replying to our decision. If you are a Colorado resident and remain unsatisfied, you may contact the Colorado Attorney General; residents of other states may contact their own attorney general. If you are in the UK or EEA, you may also contact your local data-protection authority.

9. Security

We use TLS in transit, encryption at rest for sensitive fields, principle-of-least-privilege access controls, audit logging, and regular vulnerability scans. No system is perfectly secure; if we discover a personal-data breach affecting you, we will notify you and the relevant authorities without undue delay, as required by applicable law.

10. Children

The Service is intended for businesses and is not directed to children under 13, and we do not knowingly collect personal information from children under 13 (consistent with the Children’s Online Privacy Protection Act). We also do not knowingly process the data of users aged 13–16 for targeted advertising or “sale” without consent where state law requires it. If you believe a child has provided us data, contact us and we will delete it.

11. Changes to this policy

We’ll post material updates at least 14 days before they take effect and notify registered users by email. Older versions are kept on request.

12. Contact

Questions, requests, or concerns? privacy@optimaverifier.com.

See also: Terms of Service · Refund Policy.