Skip to content
Login / Register

Terms of Service (Last updated: November 14, 2025)

1. Legal Notice

  • Operator: Alexandre Vandamme, Sole proprietorship
  • Address: 24 rue Henri Matisse, 59150 Wattrelos, France
  • SIREN 951 723 667 – VAT FR67951723667 (VAT collected in France and for EU consumers, reverse charge available with a valid EU VAT number)
  • RCS Lille Métropole 951 723 667
  • Email: [email protected]
  • Host: OVH, 2 rue Kellermann, 59100 Roubaix, France
French law applies. Disputes fall under the courts of Lille, France.

2. Service

The Service is a breach intelligence and leak discovery platform. It indexes credentials and other data that were technically accessible on the internet at the time of collection without us having to bypass authentication, paywalls or technical protection measures. We do not purchase datasets or pay for access to stolen data.

For some URLs we also crawl the page to extract limited metadata such as the title, HTTP status code, page text and meta description. For eligible text based datasets, some plans include a Raw Search feature that lets you search inside the body of the leak.

The Service is primarily intended for professional use (B2B). Some features may be accessible to consumers; where mandatory, consumer rules apply. We do not encourage or facilitate intrusions. We do not target or intentionally index datasets that primarily contain banking or medical records. If we later become aware that a dataset is unlawful or was not meant to be publicly accessible, we remove or restrict it as soon as reasonably possible. If you identify clearly unlawful content or your own data you want removed, notify us under Section 13.

3. Authorised Use

  • You confirm a lawful basis to process any personal data you query and that you are authorised to assess the relevant assets (your organisation or your client with a written mandate, or lawful open-source research).
  • Strictly prohibited: credential stuffing, unauthorised account access, doxxing or harassment, publishing full credential dumps, contacting breach victims, re-selling or mirroring our datasets, benchmarking at scale, scraping the UI or API, bypassing geoblocks, or using output to exploit breaches.
  • Bug bounty: allowed only if the target program explicitly authorises the use of external breach intelligence and OSINT tools of this nature.
  • Access controls: leak contents are locked by default. Access to original files requires an active subscription and spending points. Per-period limits mitigate abuse. We may cap or deny unlocks for highly sensitive files or where we suspect misuse. Attempting to bypass these controls is a breach.
  • API and fair use: API access requires a valid key. Do not share keys or exceed plan limits. Automated high-volume extraction, dataset mirroring and re-sale are prohibited. We may apply rate limits and revoke keys that breach these Terms.
  • Raw Search: where your plan includes the Raw Search mode, you must only use it on assets you are authorised to assess and you must not use it to target obviously sensitive datasets such as banking or medical databases. If you discover that a dataset focuses on such data you must stop using it and report it to us.
  • Security logging: for searches we log only the timestamp, your account identifier and the type of search (for example email search, domain search or raw search), not the query content itself. For unlock operations we log the timestamp, your account identifier and the internal leak identifier that was unlocked. We may preserve relevant records to handle abuse reports or legal obligations.

4. Sensitive Domains and Geoblocking

We maintain an internal blacklist of high risk domains for which no results are returned at all. This includes *.gouv.fr and certain domains of public institutions and social security bodies (for example elysee.fr, assemblee-nationale.fr, senat.fr, conseil-etat.fr, justice.fr, cnil.fr, defenseurdesdroits.fr, ameli.fr, msa.fr, caf.fr, urssaf.fr, lassuranceretraite.fr, agirc-arrco.fr, pole-emploi.fr and francetravail.fr). We may extend or modify this list at any time. For other sensitive domains we may require manual validation and proof that you are authorised to act for the concerned organisation before allowing searches or access to leak contents. Access to the Service is denied from territories subject to EU, UN or OFAC sanctions, and from Russia, Iran and North Korea. Circumventing these measures (for example via VPN or proxy) is a breach of the Terms and may lead to immediate suspension.

5. Subscriptions and Withdrawal

Plans are prepaid via Stripe or NOWPayments and renew monthly. Content becomes accessible immediately after payment. If you are a consumer, by ticking the consent box at checkout you expressly request immediate performance and acknowledge you lose your 14-day withdrawal right for digital content supplied without a tangible medium, as set out in art. L221-28-13 of the French Consumer Code. Business users are not entitled to this consumer right.

6. Cancellation and Refunds

You may cancel at any time via Settings > Billings & Plans > Manage Billing. This opens the Stripe portal where you can manage your subscription. Service remains active until the current period ends. No refunds are issued for unused time, except where mandatory law requires otherwise.

7. Conformity Guarantee

Where applicable to consumers, the statutory guarantee for digital services applies (French Consumer Code, art. L224-25-12 and following). For one-off supply it covers defects appearing within two years from supply. For continuous supply it applies during the contract term.

8. Compatibility and Interoperability

Works on modern desktop and mobile browsers. CSV export is available from the UI; JSON is returned by the REST API. Volumes and rate limits depend on the selected plan.

9. Cookies

We use functional cookies (e.g., twk_uuid_, TawkConnectionTime) and analytics cookies (e.g., _ga, _gcl_au). You can refuse as easily as accept via the banner. Durations are kept to what is necessary. We do not use dark patterns.

10. Intellectual Property

The Service and datasets are protected by intellectual property and database rights. Publishing or sharing complete credentials or bulk exports is forbidden. Reports are for your lawful internal cybersecurity use only. You may not reproduce, re-sell or create derivative datasets from our index.

11. Liability

The Service is provided "as is" and may contain third-party content whose accuracy we cannot guarantee. To the maximum extent permitted by law, LeakRadar’s total liability is capped at the fees paid in the 12 months preceding the event. Nothing limits liability where it cannot be limited by law.

12. Minors

Registration is reserved for users aged 18 or above.

13. Notice and Action

Illegal-content notices (DSA art. 16) and authority requests (DSA art. 11) must be sent to [email protected]. We follow a notice-and-action process consistent with the EU Digital Services Act, including a statement of reasons where we restrict content or access. Requests are processed within five business days.

14. Changes

Material changes will be announced at least 30 days before they take effect. Continued use equals acceptance.

15. Severability

If any clause is invalid, the remainder of the Terms stays in force.