Verimail.co

Security

Verimail.co is built with security-by-design so you can validate emails without compromising on data protection, governance, or compliance.

This page provides a high-level overview of how we think about security across the platform. For legal details, please review our Terms of Use and Privacy Policy.

Data Security

All access to the Verimail API and web application is encrypted in transit over HTTPS using modern TLS. We strongly encourage customers to use secure networks and to enable multi-factor authentication where available.

Email addresses submitted for validation are processed in real-time and are not stored beyond the duration of the API request unless you explicitly enable logging for your account.

Application Security & Access Control

Verimail includes enterprise-grade controls such as API key management, role-based access, and rate limiting so you can control who accesses your validation quota.

  • Secure API key generation and rotation
  • Rate limiting to prevent abuse
  • Audit logs for API usage tracking

Logging, Monitoring, and Reliability

We collect operational metrics from core services to help detect issues, investigate incidents, and improve reliability. Our infrastructure is designed with redundancy in mind so that individual component failures do not bring down the service.

API Keys and Configuration

Your API keys provide access to our validation service. Keep them secure and never expose them in client-side code. Use environment variables to manage your API keys securely.

Shared Responsibility

Security on Verimail is a shared responsibility. We manage and secure the underlying platform and infrastructure; you are responsible for keeping your API keys secure and using the service in compliance with applicable laws.

  • We operate, monitor, and secure the core services that power the email validation API.
  • You manage your API keys, monitor your usage, and ensure compliant use of the validation data.

Payments and PCI

We use Stripe to process and store payment details which means we never directly handle your payment information. Stripe is a PCI Level 1 Certified payment processor which is the most stringent level of certification available in the payments industry.

Read more about security at Stripe

Reporting Security Issues

If you believe you have found a security vulnerability or have concerns about account security, please use the "Report security issue" option on our contact page. Include as much detail as you can (affected endpoints, steps to reproduce, logs or screenshots where possible) so we can investigate and respond quickly.