Hack Check only exists in the first place because of violations of privacy. Our data is leaked, sold, redistributed and abused to our detriment and beyond our control. Hack Check help give us visibility as to how our personal data spreads. Whilst we may no longer be able to control it once breached, we can at least understand what's been leaked, where it's been leaked from and what precautionary measures we can now take as a result.
The Hack Check service is powered by HaveIBeenPawned.com (HIBP). When a data breach is loaded into HIBP, only the email addresses are stored in the online system. No other data of any kind (names, phone numbers, etc) are stored on data load. HIBP also stores a list of data classes that were impacted in each breach. For example, it will state that email addresses and passwords appeared in a breach, but no information about which email addresses had corresponding passwords nor what those passwords are is stored. The passwords are not stored on our servers.
Searching for an email address only ever retrieves the address from storage then returns it in the response, the searched address is never explicitly stored anywhere. See the Logging section below for situations in which it may be implicitly stored.
Only the bare minimum logs required to keep the service operational and combat malicious activity are stored. This includes transient web server logs, logging of unhandled exceptions using Raygun, Google Analytics to assess usage patterns and Application Insights for performance metrics. Your email addresses are not logged.
StarkVPN is a VPN and data security company. The Hack Check service is powered by HaveIBeenPawned.com (HIBP).
HIBP is owned and operated by Superlative Enterprises Pty Ltd, an Australian proprietary limited company (ABN 62 085 442 020) based in the state of Queensland. All services are hosted in the West US Microsoft Azure data centre.