Privacy Policy

Is It Disposable (isitdisposable.com) is a commercial disposable email address detection service operated by IdeasJam LLC (“we”, “us”, or “our”). This Privacy Policy explains what personal information we collect about you, how we use it, and your rights with respect to it.

This Policy applies to information collected when you visit our website, create an account, subscribe to a plan, or use the Service (our API and JavaScript snippet). It does not govern how our customers handle the email addresses they check through the Service; those customers are responsible for their own data practices.

We collect the following categories of information:

Account information

When you create an account we collect your email address, a hashed version of your password (we use argon2 and never store the plain text), your organization name, and the details of any team members you invite (their email addresses and the roles you assign them).

Billing information

Payment processing is handled by Stripe. We store the details Stripe returns to us (subscription status, plan, billing interval, and customer identifiers) but we do not store your full payment card number or raw card data. Stripe’s own privacy policy governs how Stripe handles your payment information.

Email addresses and domains you submit for checking

The Service processes the email addresses your application submits via the API or JavaScript snippet. What we log depends on the privacy mode you have configured for your account:

• Default mode (domain-only logging):We log only the domain portion of each checked address (for example “example.com”). We never log the local part (the portion before the “@” sign) or the full address.
• No-storage mode (opt-in): We log only the detection results (the domain classification signals, such as whether the address is disposable and whether the domain can receive mail), the recommended action, and the minimal metadata needed for billing. We never log the domain, the local part of the address, or the full address.

The live demo on the homepage is rate-limited and is never billed. We do not log any submitted address or domain for demo requests.

Technical and usage data

We collect your Internet Protocol (IP) address on each request for rate limiting, abuse prevention, and security purposes. We also collect standard server log data such as the request timestamp, the API endpoint called, HTTP status codes, and response times.

Session cookie

When you are signed in, we set a server-side session cookie that identifies your authenticated session. Sessions are stored server-side and are individually revocable. We do not use third-party tracking cookies on the Service.

We use the information we collect to:

• Provide, operate, and maintain the Service, including processing detection requests and returning results.
• Manage your account, subscription, and billing, including sending transactional emails (such as account verification, password reset, and quota alerts) through SocketLabs.
• Enforce rate limits, prevent abuse, and protect the security of the Service and our infrastructure.
• Respond to your support requests and communicate with you about the Service.
• Maintain and improve our disposable domain detection data (this work is based on domain-level signals, not on your personal data).
• Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information to third parties, and we do not share it for advertising purposes.

We share information with the following sub-processors to operate the Service:

• DigitalOcean - Hosting and managed databases (PostgreSQL and Valkey), located in the United States. Our application and data are hosted on DigitalOcean App Platform.
• Stripe - Payment processing. Stripe processes subscription payments and stores your payment card details in accordance with their privacy policy.
• SocketLabs - Transactional email. SocketLabs sends account verification emails, password reset emails, billing and quota alert emails, and security notices (for example new-login and API-key alerts) on our behalf.
• Sentry - Error monitoring. Sentry receives error reports and diagnostic data from our web, API, and worker components to help us identify and fix issues.

We may also disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

We retain account and billing information for as long as your account is active. After you close your account we may retain certain information for a reasonable period as required to comply with legal obligations, resolve disputes, and enforce our agreements.

Request log data is retained according to your account’s privacy mode. In default (domain-only) mode, we retain domain-level log data for the period needed for billing reconciliation, rate-limit enforcement, and abuse prevention. In no-storage mode, we retain only the minimal billing metadata needed to count the check; no domain or address information is retained beyond the request.

When you delete your account, we process the deletion and remove your personal information consistent with these retention periods.

We take reasonable technical and organizational measures to protect your information. These include:

• Passwords are hashed using argon2, a memory-hard hashing algorithm. We never store or log plain-text passwords.
• All data is transmitted over encrypted connections (Transport Layer Security).
• Sessions are stored server-side and are individually revocable. Signing out immediately invalidates your session.
• Our infrastructure runs in a United States region on DigitalOcean App Platform with managed PostgreSQL and managed Valkey. Error monitoring through Sentry helps us detect and respond to security-relevant issues quickly.

No system is perfectly secure. If you discover a security issue, please contact us at [email protected].

You have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete personal information by updating it in your account settings.
• Delete your account and associated personal information through the account deletion option in your account settings.

To exercise your rights or for questions about your data, contact us at [email protected]. We will respond within a reasonable time.

Depending on where you are located, you may have additional rights under local privacy law. We will honor requests that are required by applicable law.

The Service is a commercial developer tool not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

Our infrastructure is hosted in the United States. If you are accessing the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States. By using the Service you consent to this transfer.

We may update this Privacy Policy from time to time. We will notify you of material changes by email to the address on your account and by posting the updated Policy here with a new effective date. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.

Questions or concerns about this Privacy Policy or your personal data? Contact us at: