Privacy Policy | EmailSheriff

      The short version — we keep it simple.
      EmailSheriff does not store, log, or share any email address you enter into our tools.
      Validations run in your browser or are processed and immediately discarded. We have no database of user emails.
      We collect only anonymous analytics to improve the product.
    

This Privacy Policy explains how EmailSheriff ("we", "our", or "us"), operated by an individual based in Chennai, India, collects and handles information when you use emailsheriff.com ("the Site"). This policy complies with the EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), and India's Digital Personal Data Protection Act 2023 (DPDP Act).

1. Who we are

EmailSheriff is a free email health toolkit built and operated independently from Chennai, India. For data protection enquiries, contact us at: hello@emailsheriff.com

2. What data we collect

2a. Email addresses you validate

When you use any EmailSheriff tool (syntax validator, spam scanner, MX checker, etc.) and enter an email address:

The validation happens in your browser (client-side JavaScript) for syntax checks
For server-side checks (MX, SMTP), the email is sent to our server, processed, and the result is returned — the email is never written to a database or log file
We do not store, sell, share, or retain any email address you validate

2b. Analytics data (anonymous)

We use Google Analytics 4 to collect anonymous, aggregated information including:

Pages visited and time spent on site
General geographic region (country level, not city)
Browser type and device category
How you arrived at the site (search, direct, referral)

This data contains no personally identifiable information. IP addresses are anonymised before any processing. You can opt out via our cookie banner or by installing the Google Analytics Opt-out Browser Add-on.

2c. Cookies

We use the following cookies:

es_cookie — stores your cookie consent preference. This is a functional cookie required to remember your choice. It expires after 365 days.
Google Analytics cookies (_ga, _ga_*) — used only if you accept analytics cookies. These are third-party cookies operated by Google.

We do not use advertising cookies, tracking pixels, or any marketing cookies.

2d. Contact form submissions

If you contact us via our contact form or by email, we collect your name, email address, and message. This is used solely to respond to your enquiry and is not shared with third parties.

3. Legal basis for processing (GDPR / UK GDPR)

Under the GDPR and UK GDPR, we process data on the following legal bases:

Consent — for analytics cookies (Google Analytics). You can withdraw consent at any time via the cookie settings link in our footer.
Legitimate interests — for basic server logging needed to maintain security and prevent abuse. Our legitimate interest is running a secure, functional service.
Contractual necessity — for contact form responses, to reply to your enquiry.

4. Your rights

EU and UK residents (GDPR / UK GDPR)

You have the right to: access personal data we hold about you; request correction or deletion; restrict or object to processing; data portability; and to lodge a complaint with your supervisory authority (the ICO in the UK, or your national authority in the EU).

California residents (CCPA)

California residents have the right to: know what personal information we collect and how it is used; delete personal information we have collected; opt out of the "sale" of personal information — we do not sell personal information; and non-discrimination for exercising your rights.

India residents (DPDP Act 2023)

Under India's Digital Personal Data Protection Act 2023, you have the right to: access information about your personal data we hold; correct inaccurate personal data; erasure of your personal data when no longer necessary; grievance redressal; and to nominate a person to exercise rights on your behalf.

Our Data Protection Officer for DPDP Act purposes can be contacted at: hello@emailsheriff.com

5. Data retention

We retain data only as long as necessary:

Email addresses entered for validation: not retained at all
Analytics data: retained by Google Analytics for 14 months, then automatically deleted
Contact form messages: retained for up to 12 months, then deleted
Cookie consent record: 365 days (stored in your browser's localStorage)

6. Data sharing and third parties

We do not sell your data. We do not share personal data with advertising networks or data brokers. The only third-party service we use is Google Analytics, which processes anonymous usage data under Google's privacy policy. No email addresses you enter into our tools are ever shared with any third party.

7. International data transfers

Our hosting is located within the European Economic Area and compliant hosting regions. Google Analytics may process anonymous data in the United States. Google maintains Standard Contractual Clauses (SCCs) to ensure compliance with GDPR for such transfers.

8. Security

We implement appropriate technical and organisational measures to protect information, including HTTPS encryption for all data in transit, and the fact that we simply do not store email addresses means there is no sensitive database to breach.

9. Children's privacy

EmailSheriff is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided personal information, please contact us and we will delete it promptly.

10. Changes to this policy

We may update this Privacy Policy periodically. We will note the "last updated" date at the top of this page. Continued use of the site after changes constitutes acceptance of the revised policy.

11. Contact us

For any privacy-related queries, to exercise your rights, or to raise a concern, please contact:

EmailSheriff
Email: hello@emailsheriff.com
Location: Chennai, Tamil Nadu, India
Response time: Within 30 days (as required by GDPR and DPDP Act)