
FAQ

Everything you need to know about DataLeakz, how breach checking works, and what to do if your data has been exposed.

Privacy and data

For public checks on the homepage or breach checker when you are not signed in, no, we do not store your email address. The check is processed and the result is returned without logging what you searched.

For emails you add to your monitoring dashboard while signed in, we do store the email address because we need it to alert you when new breaches are found.

No. We do not sell, rent, or share your personal data with advertisers or outside parties. Our business model is based on subscriptions, not your data.

See our full privacy policy for a complete list of what we collect and why.

We use a privacy method called k-anonymity. For checks against HaveIBeenPwned, we hash your email with SHA-1 and send only the first 5 characters of that hash to the API. The API returns many possible matches, and we compare them locally.

This means the API never sees your real email address. Our methodology page explains the process in more detail.
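The prefix-and-compare flow described above, sketched as an added example (this is not DataLeakz's or HaveIBeenPwned's code). The `RangeServer` stand-in, the lowercase/trim normalization, and the one-suffix-per-line response format are assumptions made for illustration, and the addresses are constructed sample data.

```python
import hashlib
import hmac

PREFIX_LEN = 5  # hex characters of the SHA-1 digest sent to the API (per the text)

def split_hash(email):
    # Assumption: the address is trimmed and lowercased before hashing.
    normalized = email.strip().lower().encode("utf-8")
    digest = hashlib.sha1(normalized).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]

class RangeServer:
    """Hypothetical stand-in for the remote range API; it only ever sees a prefix."""
    def __init__(self, breached_emails):
        self.buckets = {}       # prefix -> list of hash suffixes
        self.seen_queries = []  # everything the "server" learns from clients
        for address in breached_emails:
            prefix, suffix = split_hash(address)
            self.buckets.setdefault(prefix, []).append(suffix)

    def range_query(self, prefix):
        if len(prefix) != PREFIX_LEN or not set(prefix) <= set("0123456789ABCDEF"):
            raise ValueError("prefix must be 5 uppercase hex characters")
        self.seen_queries.append(prefix)
        return "\n".join(sorted(self.buckets.get(prefix, [])))

def is_breached(email, server):
    prefix, suffix = split_hash(email)
    body = server.range_query(prefix)  # only the 5-character prefix leaves the client
    # Local comparison: a prefix match alone is not a hit, the full suffix must match.
    return any(hmac.compare_digest(line.strip(), suffix) for line in body.splitlines())

if __name__ == "__main__":
    server = RangeServer(["alice@example.com", "bob@example.org"])  # constructed data
    for addr in ("Alice@Example.com", "carol@example.net"):
        print(addr, "->", "found" if is_breached(addr, server) else "not found")
    print("server saw only:", server.seen_queries)
```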

Yes. You can delete your account from your dashboard settings. This removes your account, monitored emails, scan history, and stored results. You can also email us at privacy@dataleakz.com and we will confirm once deletion is complete.

Breach checking

It means your email address appeared in a dataset that was stolen from a company and later became publicly known. The seriousness depends on what other data was exposed with it.

If passwords were included, you should change that password anywhere you used it. If payment data was included, watch your bank statements closely. Our dashboard shows what was exposed and what actions matter most.

Not always. It means your email was not found in the breaches we currently index. Some breaches have never been publicly disclosed, some have not been indexed yet, and some may still be unknown.

A clean result is a good sign, but it is not a guarantee. That is why ongoing monitoring is better than checking only once.

We monitor public sources regularly. Major publicly confirmed breaches are often added within 24 to 72 hours after confirmation. Our paste site monitoring runs every 6 hours to look for newly dumped credentials.

Some breach data gets repackaged and shared again in new places. What looks like multiple breaches can sometimes be the same original dataset moving through different channels. We try to remove duplicates when possible, but some overlap can still happen.

What to do after a breach

Here is the best order to follow:

  • Change the password for the affected service right away
  • If you used that password anywhere else, change it there too
  • Turn on two-factor authentication if it is available
  • If payment data was exposed, contact your bank and watch your statements
  • Watch for suspicious emails pretending to come from the company

Our dashboard gives you a prioritized action list based on what was exposed in each breach.

Most breaches contain hashed passwords instead of plaintext passwords. Still, weak or common passwords can often be cracked quickly. You should assume the password is compromised even if it was stored as a hash.

Change it right away and change it anywhere else you used the same password. A password manager can help you create a different password for every service.

If you already changed the password after the breach and you do not reuse passwords, you are likely fine. If you are still using the same password from years ago on that service, change it now. Old breach data continues to be used in credential stuffing attacks for a long time.

Account and plans

The free plan includes unlimited breach checks, monitoring for 1 email address, breach alerts, and access to free security tools like the password generator, strength checker, and URL analyzer.

Yes. You can move back to the free plan at any time from your dashboard. Your paid access continues until the end of your current billing period.

Yes. Our Business plan is designed for teams. It includes domain monitoring, team dashboards, Slack alerts, and CSV exports for compliance needs. Contact us if you want to discuss your setup.

Still have a question?

Our methodology page has more technical detail, or you can email us directly.
