Skip to content

Privacy Policy

LeakRadar.io (the Service) processes personal data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable French law.

1. Controller

Alexandre Vandamme, Sole proprietorship, 24 rue Henri Matisse, 59150 Wattrelos, France. VAT not applicable (art. 293 B CGI). Contact: [email protected].

2. Purposes and Legal Bases

• Account creation, breach search and notifications — contract.
• Billing and bookkeeping — legal obligation.
• Security logs and rate-limiting — legitimate interest.
• Marketing cookie campaign_code (30 days) and analytics (_ga,_gcl_au, 30 days) — consent.

3. Data We Collect

• First and last name, email, hashed password (bcrypt cost 12).
• Postal address, phone, country, VAT number (for invoices).
• IP addresses at sign-up and login, search history (12 months), audit logs.
• Cookies: twk_uuid_, TawkConnectionTime, _ga,_gcl_au, campaign_code — each limited to 30 days.

4. Retention

• Inactive accounts: deleted after 12 months.
• Server access logs: 12 months max (CNIL recommendation).
• Encrypted backups: 12 months.
• Invoices: 10 years (French accounting rules).

5. Processors

OVH (France), Cloudflare (DNS / WAF), Stripe, NOWPayments, Mailtrap, Tawk.to, Slack and Telegram. Each provider relies on GDPR Standard Contractual Clauses or the EU-US DPF when processing outside the EEA.

6. International Transfers

Data may transit through Cloudflare, Stripe, Slack, Tawk.to or Telegram servers located outside the EEA. These transfers are covered by the SCC referenced in each vendor’s Data Processing Addendum.

7. Security

All connections use TLS 1.3. User passwords are salted + hashed (bcrypt 12). Leaked credentials are stored in clear text for full-text search; access is rate-limited, logged and restricted to authenticated users. You acknowledge this residual risk when using the Service.

8. Your GDPR Rights

You may access, rectify, erase, restrict, object to or port your data. Requests: [email protected]. We reply within one month.

9. Complaints

You can lodge a complaint with the CNIL (www.cnil.fr).

10. Changes

Material changes will be announced at least 30 days in advance (email and in-app banner).