Privacy Policy — NortheastVault

Plain language summary: NortheastVault is a free breach checker. We check if your email has appeared in known data breaches using the k-anonymity method — your full email address is never transmitted to any server. We do not store your email. We do not track you. We do not sell data.

1. Who we are

NortheastVault is a free digital identity tool, part of the same network as SafeSignal (safesignal.ch). References to "NortheastVault", "we", "us", or "our" refer to the operator of northeastvault.com.

Our infrastructure runs on Cloudflare (US/global CDN). For EU/EEA users, we act as the data controller for any personal data processed.

Contact: contact@northeastvault.com

2. What data we collect — and what we don't

2.1 Breach checker — email addresses

When you use our breach checker, you enter an email address. Here is exactly what happens:

Your email address is hashed locally in your browser using SHA-1.
Only the first 5 characters of that hash (a "k-anonymity prefix") are sent to the HaveIBeenPwned API.
The API returns a list of matching hash suffixes — your browser checks locally if your full hash is in that list.
Your full email address never leaves your device. It is never sent to our servers, never sent to HaveIBeenPwned, and never stored anywhere.

2.2 Technical data

Like all websites, Cloudflare's CDN automatically processes standard technical information when you visit, including IP address, browser type, pages visited, and referring URL. This is used for security and CDN performance — we do not use it to identify individuals.

2.3 What we do NOT collect

Email addresses entered into the breach checker
Advertising cookies or tracking pixels
Google Analytics or any third-party analytics
User accounts or profiles
Payment information (the service is free)

3. Third-party services

HaveIBeenPwned API: Only a 5-character hash prefix is transmitted — never your email or full hash. See haveibeenpwned.com for their privacy policy.

Cloudflare: Our CDN and security provider. Standard connection data is processed under Cloudflare's privacy policy (cloudflare.com/privacypolicy).

4. Legal basis (GDPR / Swiss nDSG)

Technical data is processed under legitimate interests (Art. 6(1)(f) GDPR) for security and performance. Since no email addresses or personal identifiers are collected, no further legal basis is required for the core breach-checking functionality.

5. Your rights

You have rights under GDPR, Swiss nDSG, and applicable US state laws including access, correction, deletion, and portability. Since we do not store identifiable personal data, there is typically nothing held about you to access or delete.

For specific concerns: contact@northeastvault.com

You may also lodge a complaint with the Swiss FDPIC at edoeb.admin.ch or your local EU supervisory authority.

6. Cookies

We use no advertising cookies, analytics cookies, or third-party tracking. No cookie banner is required to use our service.

7. Children's privacy

NortheastVault is not directed at children under 16. Contact us at contact@northeastvault.com if you have concerns.

8. Changes

We may update this policy from time to time. Changes will be posted on this page with an updated date.

9. Contact

NortheastVault — Privacy enquiries

Email: contact@northeastvault.com

Website: northeastvault.com

Part of the SafeSignal network · Zürich, Switzerland