Privacy Policy

Last updated: 15 April 2026

ListProof is built by outbound operators, for outbound operators. We treat your data — and that of the prospects you process through the Service — the way we'd want ours handled. In practice, that means we store the bare minimum, and never anything you didn't knowingly submit.

1. Who we are

ListProof (“we”, “the Service”) is operated by the owner of the listproof.io domain. For any privacy question, write to hello@listproof.io.

2. What we collect

• Account data: your email address and a hashed password (managed by Supabase Auth).
• Billing metadata: your Stripe customer ID, subscription ID, subscription status, credit balance and current period end. We never see or store your card details — Stripe handles that.
• Technical logs: standard request logs (IP, user agent, timestamps) kept up to 30 days for debugging and abuse detection.

3. What we do NOT collect

• Your uploaded CSVs. Files are processed in memory during the request and discarded once the response is sent. They are never written to our database or shared with anyone.
• Your Apollo or ZeroBounce API keys. They live in your browser's localStorage. When you use them, our server receives the key in the POST body, uses it once to call the third-party API, and discards it immediately. We don't log the key.
• The lead email addresses you process. They pass through our in-memory classifier and are returned to you. We keep no copies.
• Behavioral analytics, tracking pixels or third-party ad cookies. The Service does not use Google Analytics, Meta Pixel or similar trackers.

4. Cookies

We use only strictly necessary cookies for authentication (Supabase session cookies). They are essential to operate the Service — without them you can't stay logged in. We don't use advertising or tracking cookies.

5. Third-party processors

• Supabase (EU region) — stores your account email, hashed password and subscription metadata. See supabase.com/privacy.
• Stripe — processes subscription payments. Your card details never transit our servers. See stripe.com/privacy.
• Vercel — hosts the app and handles HTTP requests. See vercel.com/legal/privacy-policy.

6. Your rights (GDPR)

If you're in the European Economic Area (or any jurisdiction with comparable law), you have the right to access, rectify, delete, export your data, withdraw consent, and lodge a complaint with your local data-protection authority. To exercise any of these, write to hello@listproof.io. We respond within 30 days.

7. Deleting your account

Cancel your subscription from the customer portal (⚙️ Settings → Manage subscription), then email us to request account deletion. On request, we permanently delete your profile and Supabase Auth record. Stripe retains billing data for the period required by tax law.

8. Changes to this policy

We'll update this page as our practices evolve. The “Last updated” date at the top reflects the most recent revision.

← Back to home · Terms of Service