← Back to Email Validator

Privacy Policy

Last updated: February 2026

1. Overview

This Email Validator is a free tool that helps you discover valid email address patterns for a given person and company domain. The tool supports both single lookups (one person at a time) and bulk CSV uploads (multiple contacts at once). Your privacy is important to us. This policy explains what data is processed, how the tool works technically, and your rights.

2. Responsible Party (Verantwortlicher gem. Art. 4 Nr. 7 DSGVO)

Webmaster: Silvester Wehmer
Email: silvester@0xunstable.world
Server Location: Germany (Hetzner Online GmbH, Gunzenhausen)

3. How the Tool Works

3.1 Single Lookup

When you enter a name and company domain, the tool performs the following steps:

1
Email Pattern Generation

Based on the first name, last name, and domain you provide, the tool generates common email address patterns (e.g., john.doe@company.com, j.doe@company.com, jdoe@company.com, etc.). This is a purely algorithmic process — no external services are contacted at this stage.

2
MX Record Lookup (DNS)

The tool queries public DNS servers to find the MX (Mail Exchange) record for the given domain. This tells us which mail server is responsible for receiving emails at that domain. This is the same public information any email client uses to deliver mail.

3
SMTP Verification

The tool opens a connection to the domain's mail server on port 25 (the standard SMTP port) and initiates a standard mail delivery handshake. It sends a RCPT TO command with each generated email address. If the server responds with a 250 OK, the email address exists. If it responds with a 550 error, the address does not exist. No actual email is ever sent. The connection is closed before any message data is transmitted.

Some mail servers block this type of verification (e.g., Microsoft 365, Google Workspace). In those cases, the tool reports the email as "Unverifiable" — meaning the domain exists but the server does not allow us to confirm individual addresses.

3.2 Bulk CSV Upload

The Bulk CSV Upload feature allows you to validate multiple contacts at once by uploading a CSV file. The process works as follows:

1
CSV File Upload & Parsing

You upload a CSV file containing columns: first_name, last_name, and domain. The file is parsed entirely in server memory. The uploaded file is not saved to disk and is discarded immediately after parsing. A maximum of 100 contacts per upload is enforced.

2
Sequential Processing

Each contact in the CSV is processed sequentially using the same three-step method described above (pattern generation → MX lookup → SMTP verification). When a valid email is found for a contact, processing for that contact stops immediately (early exit) to minimize unnecessary server queries.

3
Results & Download

Results are held in temporary server memory and can be downloaded as a CSV or JSON file. Results are not persisted in any database and are automatically discarded when the server restarts or after a reasonable period of inactivity.

4. Data We Process

When you use this tool, the following data is processed:

Single Lookup:

  • Input data: The first name, last name, and domain you enter into the form.
  • Generated emails: The email address variants created from your input.
  • Validation results: The responses from the target mail server (exists / does not exist / unverifiable).

Bulk CSV Upload:

  • Uploaded CSV file: The file containing first names, last names, and domains. This file is parsed in memory and immediately discarded — it is never written to disk or stored.
  • Contact data: The individual contact records extracted from the CSV (first name, last name, domain) are held in temporary server memory during processing.
  • Bulk results: Per-contact validation results (found email, status, number of emails checked) are held in temporary server memory until download or server restart.

General:

  • Server logs: Standard web server access logs (IP address, timestamp, requested URL, user agent, HTTP status code) as required for server operation and security.
  • No tracking data: We do not collect browser fingerprints, device identifiers, or behavioral analytics.

5. Data Storage & Retention

  • No database: This tool does not use a database. All validation results (single and bulk) are held in temporary server memory (RAM) only.
  • No file storage: Uploaded CSV files are parsed in memory and immediately discarded. They are never written to the server's file system.
  • Session-based: Results exist only for the duration of your session. Once you close the page, start a new search, or the server restarts, previous results are discarded.
  • No accounts: There is no user registration, login, or profile system.
  • No data sharing: Your input data and results are never shared with, sold to, or made accessible to third parties.
  • Server logs: Standard access logs are retained for up to 14 days for security and debugging purposes, then automatically deleted.

6. Cookies

This tool does not use cookies. We do not set any tracking cookies, analytics cookies, or advertising cookies. The only data stored in your browser is a simple localStorage flag to remember that you dismissed the information banner — this is not a cookie and contains no personal data.

7. Third-Party Services

This tool uses the following external resources:

  • Google Fonts (Inter): The font is loaded from Google's CDN (fonts.googleapis.com). Google may log your IP address when serving the font. See Google's Privacy Policy.
  • Bootstrap CSS/JS: Loaded from jsDelivr CDN (cdn.jsdelivr.net). See jsDelivr's Privacy Policy.

No analytics services (Google Analytics, Matomo, etc.) are used. No advertising networks are integrated. No data is shared with or sold to third parties.

8. User Responsibility for Bulk Uploads

When you use the Bulk CSV Upload feature, you are uploading personal data of third parties (names and associated company domains). As the user of this tool, you are responsible for ensuring that:

  • You have a legitimate legal basis (e.g., Art. 6(1)(f) GDPR — legitimate interest in B2B sales prospecting) for processing the contact data you upload.
  • The data you upload is used for lawful purposes only, such as legitimate business-to-business (B2B) outreach.
  • You comply with all applicable data protection laws, including the GDPR, the German BDSG (Bundesdatenschutzgesetz), and any other relevant regulations in your jurisdiction.
  • You do not upload sensitive personal data (special categories under Art. 9 GDPR) or data of minors.
  • Any email outreach you conduct based on the results of this tool complies with applicable anti-spam laws (e.g., the German UWG § 7, the EU ePrivacy Directive, CAN-SPAM Act).

This tool is designed as a B2B sales prospecting aid. It is not intended for mass unsolicited email campaigns, spam, or any form of harassment. The operator of this tool assumes no liability for misuse by its users.

9. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR) — You can request information about what data we process.
  • Right to rectification (Art. 16 GDPR) — You can request correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR) — You can request deletion of your data.
  • Right to restriction (Art. 18 GDPR) — You can request restriction of processing.
  • Right to data portability (Art. 20 GDPR) — You can request your data in a machine-readable format.
  • Right to object (Art. 21 GDPR) — You can object to the processing of your data.
  • Right to lodge a complaint (Art. 77 GDPR) — You have the right to lodge a complaint with a supervisory authority. The competent authority in Germany is the respective state data protection authority (Landesdatenschutzbeauftragter).

Since this tool does not store personal data beyond temporary server memory and standard access logs, most of these rights are automatically fulfilled. If you have any concerns, please contact us at silvester@0xunstable.world.

10. Legal Basis for Processing

The processing of data when using this tool is based on the following legal grounds:

  • Art. 6(1)(f) GDPR — Legitimate Interest: The primary legal basis for processing data through this tool is the legitimate interest of the user in discovering valid business email addresses for B2B sales prospecting purposes. The tool processes only publicly derivable information (name + company domain) and performs standard SMTP protocol operations that any email client would perform when attempting to deliver a message.
  • Art. 6(1)(f) GDPR — Server Security: Server access logs are processed based on the legitimate interest of maintaining server security, preventing abuse, and ensuring the availability of the service.

Balancing of interests: The data processed is limited to business contact information (names and company domains) that is typically publicly available (e.g., on company websites, LinkedIn, business directories). No private or sensitive data is processed. The SMTP verification technique does not send any emails and does not cause any disruption to the target mail server. The processing is therefore proportionate and does not override the fundamental rights of the data subjects.

11. Security Measures

We implement the following technical and organizational measures to protect your data:

  • Encryption in transit: All connections to this tool are encrypted via HTTPS/TLS (Let's Encrypt certificate).
  • Server location: The server is located in Germany (Hetzner Online GmbH) and operated on infrastructure that complies with European data protection standards.
  • Containerization: The application runs in an isolated Docker container, limiting the attack surface.
  • No persistent storage: By design, no user data is written to disk, minimizing the risk of data breaches.
  • Rate limiting: Bulk uploads are limited to 100 contacts per request to prevent abuse.

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in the tool's functionality or legal requirements. The "Last updated" date at the top of this page indicates when the policy was last revised. We recommend reviewing this page periodically.

13. Contact

If you have any questions about this privacy policy, the processing of your data, or wish to exercise your rights under the GDPR, please contact:

Silvester Wehmer
Email: silvester@0xunstable.world