The terms and conditions of this Privacy Policy (the "Policy") apply to any information that HaveIbeenLummed (the Service) receives and/or may receive about physical/legal entities or individual business persons constituting the users/visitors (the "User") of this website during the course of the User using (or in connection with the User using) the Service.

This site is privately owned and operated by Emanuele De Lucia (the "Right Holder"). The Right Holder can be contacted here for any inquiries: email [@] emanueledelucia.net

1. Acceptance of Terms

By using the Service, users acknowledge and understand that their submitted data ARE NOT permanently stored or used for any purpose other than the scope.

The User unconditionally and entirely accepts the terms and conditions of the Policy as soon as he or she starts using the Service. If the User disagrees with the Policy or with any of its terms and conditions, he or she has no right to use the Service.

2. Information Collected

Information about Users that the Right Holder receives and/or may receive and process:

2.1. User-Provided Information

This site processes email addresses that users voluntarily submit to the Service for the sole purpose of use it to verify its presence within data originating from so-called "Online Data Scraping" activities. "Online data scraping," also known as web scraping, refers to the process of automatically extracting data from known sources (in this case may be dark/deep forums, Telegram channels etc.etc.) using a script or software. The scraped online data comes from freely available resources (so-called Open Sources) and can be in various formats (in this case the most common are text, links and archives). The service does NOT collect data a priori, but performs a dedicated search for each individual user who requests it. For this reason, the results are not immediate but are communicated with a considerable delay that can reach 24 hours. The Service DOES NOT, under any circumstances, search for or process emails for which it has not obtained an explicit consent. The Service DOES NOT store permanently the submitted email addresses or retain any records of the searches performed. All User records that request the Service are permanently deleted after the process ends.

This site provides a Service that requires users to validate ownership of the submitted email.

For a limited period of time (1 hour for NON validated emails and up to 24 hours for correctly validated emails) the Service locally saves a cryptographic fingerprint of the emails of users who decide to use the service.

2.2. Automatically Transmitted Information

Information that, while the User is using the Service, are automatically sent due to the nature of the Internet to the Right Holder by the User’s devices. Such information includes but is not limited to: the User’s IP address, the User’s browser and the time of the request.

2.3. Advertising, Cookies and Analytics

This website DOES NOT use cookies or similar tracking technologies for advertising, analytics, or any other non-essential purposes. The website, however, can use cookies that are strictly necessary for the basic functionality of the website, such as session management or security purposes.

3. Purpose of Information Collection and Processing

The Right Holder’s reasons for receiving (collecting) and processing the information mentioned in clauses 2.1 and 2.2 of this Policy (the "Information"):

3.1. Providing Services

Information relating to users who use this service ARE NOT permanently stored / recorded and will never be used for commercial purposes or other than the scope of this Service.

4. Information Sharing and Disclosure

Conditions for processing the Information and distributing it to third parties:

4.1. Data Storage and Compliance

The Service implements strict data protection measures to ensure compliance with applicable privacy regulations.

The local database is used to temporarily store a cryptographic fingerprint of user's emails and does not contain data in plain text. All stored data is processed using cryptographic hashing functions with randomly generated salts, making it technically infeasible to reverse-engineer or reconstruct the original email addresses.

At no point does the Service retain PII (Personally Identifiable Information) data in a form that would allow for their retrieval. The hashing methodology employed ensures that even in the event of unauthorized access, the original data remain undiscoverable. The Service DOES NOT permanently store, share (not even in part), or otherwise process submitted user's data beyond what is necessary to provide this Service.

4.2. Third-Party Transfers

The Right Holder DOES NOT transfer, share (not even in part) or send any type of information to third parties.

6. Data Security

6.1. Security Measures

The Right Holder takes all necessary and sufficient organisational and technical measures within its control to protect the Information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, and other illegal actions on the part of third parties.

7. General Provisions

7.1. Policy Changes

The Right Holder has the right to change the Policy without giving prior notice to the User. A new version of the Policy comes into force as soon as it is published, unless stated otherwise by the new version of the Policy. The most current version of the Policy is always located at https://www.haveibeenlummed.com/privacy.php. The laws of the Italian apply to this Policy and the relationship that arises between the User and the Right Holder as a result of this Policy being applied: Privacy information pursuant to art. 13 Legislative Decree 30.6.2003 n. 196 ("Privacy Code") and art. 13 EU Regulation no. 2016/679 ("GDPR").

8. Legal Basis

8.1. Legal Basis for Processing

The processing of personal data within the Service is carried out on the legal basis of legitimate interest, as provided under Article 6(1)(f) of the General Data Protection Regulation (GDPR).The legitimate interest pursued by the Service consists in providing users with a security tool that enables them to verify whether an email address has potentially been compromised by malware or subject to unauthorized use.The processing is strictly limited to what is necessary to achieve this purpose, without storing or further processing any type of submitted data beyond the scope. The Service operates in a manner that minimizes any impact on the rights and freedoms by implementing robust security measures, verifying the rightful owner of the processed emails and ensuring that no PII (Personally Identifiable Information) is permanently retained.

8.2. Right to Object

Users have the right to object to this processing under Article 21 of the GDPR, unless compelling legitimate grounds for the processing override their interests, rights, and freedoms. If a user wishes to exercise this right, it's possibile to contact the Service's owner at 'email [@] emanueledelucia.net'

9. Prohibited Use and Abuse of the Service

Users agree to use the Service solely for its intended purpose and in compliance with applicable laws and regulations. Any misuse, abuse, or unauthorized use of the Service is strictly prohibited. This includes, but is not limited to, submitting email addresses without proper authorization or for unlawful, fraudulent, or malicious purposes, attempting to reverse-engineer, manipulate, or exploit the Service or its underlying technology, using automated tools, bots, or scripts to submit excessive requests or disrupt the normal operation of the Service, and engaging in any activity that may compromise the security, integrity, or availability of the Service or the data it processes. The Service reserves the right to suspend, restrict, or terminate access to any user and at any time, as well as to take any necessary legal action to prevent harm or unlawful activity. Furthermore, any attempts to circumvent the security measures in place may be subject to legal consequences under applicable cybersecurity and data protection laws.By using the Service, users acknowledge and agree to these terms. Any violation of this clause may result in immediate termination of access without prior notice and may be reported to the relevant authorities.