Docs/GDPR & Data Privacy

GDPR & Data Privacy

How RocketVerifier handles personal data, retention policies, and your rights under GDPR and other privacy regulations.

GDPR Compliant by Design

RocketVerifier is built with EU data protection requirements in mind. We provide configurable data retention, self-service data export, and account deletion — giving you full control over personal data stored in your account.

What Data We Store

CategoryExamplesRetention
Account dataEmail, name, subscription infoUntil account deletion
Verification resultsEmail addresses, status, scoresPer retention setting (default 90 days)
API usage logsCredit usage, timestamps, job IDsUntil account deletion
Billing recordsInvoices, payment history7 years (legal requirement)

Data Retention

Each account has a configurable dataRetentionDays setting (default: 90 days). Verification email rows older than this window are automatically purged by a daily retention job.

Automatic purge process

  1. A daily cron job scans accounts with dataRetentionDays > 0
  2. Verification email rows older than the cutoff date are deleted
  3. Jobs with all emails purged are anonymized (name set to "Archived list", file removed)
  4. Set dataRetentionDays = 0 to retain data indefinitely

Configure your retention window in Dashboard → Settings → Privacy.

Data Export

Export all personal data associated with your account. This satisfies GDPR Article 20 (right to data portability).

GET/api/user/gdpr
// Authenticated session required (dashboard cookie)
fetch("/api/user/gdpr")
  .then(res => res.json())
  .then(data => {
    const blob = new Blob([JSON.stringify(data, null, 2)], { type: "application/json" });
    const url = URL.createObjectURL(blob);
    const a = document.createElement("a");
    a.href = url;
    a.download = "rocketverifier-data-export.json";
    a.click();
  });

Export includes

  • Account profile (email, name, subscription, credits)
  • Recent credit usage history (last 100 entries)
  • Verification jobs (last 50, metadata only)
  • API keys (prefix and status — never the full key)
  • Invoice and billing history
  • Export timestamp

You can also trigger an export from Dashboard → Billing → Export My Data.

Account Deletion

Permanently delete your account and all associated data. This satisfies GDPR Article 17 (right to erasure). This action is irreversible.

DELETE/api/user/gdpr
// Authenticated session required
fetch("/api/user/gdpr", { method: "DELETE" })
  .then(res => res.json())
  .then(data => console.log(data));
// { "success": true, "message": "Account deleted" }

What gets deleted

  • User account and profile
  • All API keys
  • Verification jobs and email results
  • Credit usage history

Billing records required for tax compliance are retained in anonymized form for 7 years.

Your Rights

Right to Access

Request a copy of all personal data we hold via the export endpoint above.

Right to Erasure

Delete your account and associated data via the deletion endpoint.

Right to Rectification

Update your profile information anytime from Dashboard → Settings.

Right to Restrict Processing

Set a shorter data retention window or contact us to pause processing.

Privacy Requests

For data subject access requests, privacy inquiries, or DPA requests, contact support@rocketverifier.com. We respond to all GDPR requests within 30 days.

Related Documentation