GDPR & Data Privacy
How RocketVerifier handles personal data, retention policies, and your rights under GDPR and other privacy regulations.
GDPR Compliant by Design
RocketVerifier is built with EU data protection requirements in mind. We provide configurable data retention, self-service data export, and account deletion — giving you full control over personal data stored in your account.
What Data We Store
| Category | Examples | Retention |
|---|---|---|
| Account data | Email, name, subscription info | Until account deletion |
| Verification results | Email addresses, status, scores | Per retention setting (default 90 days) |
| API usage logs | Credit usage, timestamps, job IDs | Until account deletion |
| Billing records | Invoices, payment history | 7 years (legal requirement) |
Data Retention
Each account has a configurable dataRetentionDays setting (default: 90 days). Verification email rows older than this window are automatically purged by a daily retention job.
Automatic purge process
- A daily cron job scans accounts with
dataRetentionDays > 0 - Verification email rows older than the cutoff date are deleted
- Jobs with all emails purged are anonymized (name set to "Archived list", file removed)
- Set
dataRetentionDays = 0to retain data indefinitely
Configure your retention window in Dashboard → Settings → Privacy.
Data Export
Export all personal data associated with your account. This satisfies GDPR Article 20 (right to data portability).
// Authenticated session required (dashboard cookie)
fetch("/api/user/gdpr")
.then(res => res.json())
.then(data => {
const blob = new Blob([JSON.stringify(data, null, 2)], { type: "application/json" });
const url = URL.createObjectURL(blob);
const a = document.createElement("a");
a.href = url;
a.download = "rocketverifier-data-export.json";
a.click();
});Export includes
- Account profile (email, name, subscription, credits)
- Recent credit usage history (last 100 entries)
- Verification jobs (last 50, metadata only)
- API keys (prefix and status — never the full key)
- Invoice and billing history
- Export timestamp
You can also trigger an export from Dashboard → Billing → Export My Data.
Account Deletion
Permanently delete your account and all associated data. This satisfies GDPR Article 17 (right to erasure). This action is irreversible.
// Authenticated session required
fetch("/api/user/gdpr", { method: "DELETE" })
.then(res => res.json())
.then(data => console.log(data));
// { "success": true, "message": "Account deleted" }What gets deleted
- User account and profile
- All API keys
- Verification jobs and email results
- Credit usage history
Billing records required for tax compliance are retained in anonymized form for 7 years.
Your Rights
Right to Access
Request a copy of all personal data we hold via the export endpoint above.
Right to Erasure
Delete your account and associated data via the deletion endpoint.
Right to Rectification
Update your profile information anytime from Dashboard → Settings.
Right to Restrict Processing
Set a shorter data retention window or contact us to pause processing.
Privacy Requests
For data subject access requests, privacy inquiries, or DPA requests, contact support@rocketverifier.com. We respond to all GDPR requests within 30 days.
