Privacy Policy (Last updated: July 24, 2025)

LeakRadar.io (the Service) processes personal data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable French law.

Alexandre Vandamme, Sole proprietorship, 24 rue Henri Matisse, 59150 Wattrelos, France. VAT not applicable (art. 293 B CGI). Contact: [email protected].

• Account creation, breach search and notifications - contract.
• Billing and bookkeeping - legal obligation.
• Security logs and rate-limiting - legitimate interest.
• Marketing cookie campaign_code (30 days) and analytics (_ga, _gcl_au, 30 days) - consent.

• First and last name, email, hashed password (bcrypt cost 12).
• Postal address, phone, country, VAT number (for invoices).
• IP addresses at sign-up and login, search history (12 months), audit logs.
• Cookies: twk_uuid_, TawkConnectionTime, _ga, _gcl_au, campaign_code - each limited to 30 days.

• Inactive accounts: deleted after 12 months.
• Server access logs: 12 months max (CNIL recommendation).
• Encrypted backups: 12 months.
• Invoices: 10 years (French accounting rules).

OVH (France), Cloudflare (DNS / WAF), Stripe, NOWPayments, Mailtrap, Tawk.to, Slack and Telegram. Each provider relies on GDPR Standard Contractual Clauses or the EU-US DPF when processing outside the EEA.

Data may transit through Cloudflare, Stripe, Slack, Tawk.to or Telegram servers located outside the EEA. These transfers are covered by the SCC referenced in each vendor's Data Processing Addendum.

All connections use TLS 1.3. User passwords are salted + hashed (bcrypt 12). Leaked credentials are stored in clear text for full-text search; access is rate-limited, logged and restricted to authenticated users. You acknowledge this residual risk when using the Service.

You may access, rectify, erase, restrict, object to or port your data. Requests: [email protected]. We reply within one month.

You can lodge a complaint with the CNIL (www.cnil.fr).

Material changes will be announced at least 30 days in advance (email and in-app banner).