2.1. User data collected from each User includes:
2.1.1. When authorizing on the Site:
• username, email address and encrypted password (when creating an Account) or a public OpenID identifier containing only an email address and ID (when using alternative means of authorization);
• Date and time of registration and last access to the Service;
• Information about the transition from another resource;
• Site Language;
• Google Analytics data.
2.1.2. When paying for the Plans, the following Payment Data is collected:
• the email address specified by the User during registration;
• First name, last name;
• billing address.
2.1.3. When sending requests or contacting the Administration by e-mail:
• E-mail address;
• name;
• other information included in the text of the request or appeal.
2.2. The above information received from the User is necessary to perform:
2.2.1. The Terms of Use between the Administration and the User, including but not limited to:
• sending informational messages related to the performance of the Terms of Use and this Policy (about changes in the specified documents, the amount of payments for the Plans, about the events of the User's authorization in the Account, responses to the User's requests, etc.);
• providing access to the Services on an onerous basis and making payments for the Plans to obtain such access, including using the payment systems of a third-party provider;
• ensuring that the User complies with Section 5 of the Terms of Use.
2.2.2. purposes arising from the legitimate interests of the Administration:
• transfer data to third parties on behalf of the Administration for processing on its behalf and providing services on our behalf or, partner organizations that provide support and help improve the operation of the Services;
• respond to inquiries and requests from Users, their legal representatives and government agencies;
• provide technical support to Users when they use the Services.
2.3. The Administration does not collect or process data of bank cards or accounts of Users. Information about bank cards is collected by the payment system of a third-party service provider specified in clause 4.3. of this Policy.
2.4. To confirm the payment of Plans, the Administration has access through the payment system of a third-party service provider to information about the payment status that does not contain bank card data.
2.5. The collected data can be changed at the request of the User if they are inaccurate or irrelevant after his identification.
2.6. The Administration protects the data provided by the User with reasonable and sufficient security measures against loss or theft, as well as against unauthorized access, disclosure, copying, use or modification.
2.7. When searching for leaks without creating an Account by e-mail address entered by the User in the search form of the Site or in the Bot's request, the specified data is not stored anywhere, their backup copies are not created, etc. Before sending a request on the side of the User's web browser, the SHA256 hash from the entered email address is calculated, truncated to 24 characters, and after that the calculated hash is sent to the server. When creating an Account, the function of checking leaks by email address by creating a SHA256 hash from the entered email address is available when the User selects the relevant option in the Account or sends a relevant request to the Bot.
2.8. The Administration does not store on its servers or those ensuring the operation of the Service, the data specified in the paragraph above entered in the verification form on the Sites or in the Bot's request text. When the User uses the Service, the Administration does not collect or access the requested email addresses, phone numbers, keywords, passwords and domain names requested for verification.
2.9. User and Payment data are stored and processed until the processing goals are achieved, that is, until the User stops using the Service and requests the deletion of User data. User and Payment data may also be erased in connection with the termination of the Account on the grounds provided for in clause 5.16 of the Terms of Use. Some personal data may be processed after the termination of the use of the Service, to the extent required by applicable law.
2.10. User and Payment data may be disclosed by virtue of the law or at the inquiries of law enforcement agencies or at the court orders, including to protect the rights of third parties during legal proceedings, administrative procedures, operational search or investigative measures; to protect the rights and interests of other Users; to protect the life and vital interests of other individuals; to ensure the proper level of security of the Service and User data; as well as in order to protect the intellectual property rights, as well as other rights and legitimate interests of the Administration.
2.11. The operator takes technical, organizational and legal measures in order to ensure the protection of the User's personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, distribution, as well as from other illegal actions.
2.12. The storage of information about Users is carried out in secure databases, access to which is limited to third parties.
2.13. The Administration does not sell, does not transfer any data about Users for a consideration and does not provide access to persons not affiliated with or not in contractual relations with the Administration.