PassMonitor logo PassMonitor
PT EN

Privacy Policy

Last updated: March 1, 2026

1. Information We Collect

To provide our data breach verification service, we collect and process the following information:

  • Email address: used exclusively for breach verification and OTP code delivery. Your email is not permanently stored after verification
  • Browsing data: technical information such as IP address, browser type, operating system, and language, used for security, abuse prevention, and aggregate analysis
  • Analytical cookies: we use Google Analytics (via Google Tag Manager) to understand site usage patterns anonymously and in aggregate
  • Access logs: server logs temporarily maintained for security purposes, as required by applicable law

2. Legal Basis for Processing

The processing of personal data by PassMonitor is based on the following legal grounds:

  • Consent: by entering your email and requesting verification, you consent to processing for the specific purpose of breach lookup
  • Legitimate interest: for service security, fraud prevention, and platform improvement
  • Legal obligation: maintenance of access records as required by applicable regulations

3. How We Use Your Data

Your data is used exclusively for:

  • Verifying email ownership via OTP code
  • Querying known and publicly available data breach databases
  • Protecting the security and integrity of the service
  • Preventing abusive, automated, or fraudulent usage
  • Generating anonymous and aggregated usage statistics
  • Complying with applicable legal and regulatory obligations

PassMonitor does not use your data for marketing, targeted advertising, sale to third parties, or any purpose not described in this policy.

4. Storage and Retention

We follow the principle of data minimization. OTP verification codes are valid for 5 minutes and are automatically deleted after expiration or use. We do not permanently store passwords, sensitive breach data, or query results.

Verification records and access logs are retained for the minimum period required by law and are deleted thereafter. Analytical data is stored in aggregate and anonymized form, without the possibility of individual identification.

5. Data Sharing

We do not sell, rent, or share your personal data with third parties for commercial, advertising, or marketing purposes. We may share information only under the following circumstances:

  • When required by law, court order, or competent authority
  • When necessary to protect the legal rights, security, or property of PassMonitor and Codecortex Tecnologia
  • With essential service providers (hosting, infrastructure, transactional email), under confidentiality and equivalent data protection agreements
  • To respond to emergency situations involving risk to any person's safety

Our service providers operate under their own privacy policies and in compliance with international data protection standards.

6. International Data Transfers

Some of our service providers may be located outside your country of residence. In such cases, we ensure that international data transfers comply with applicable regulations, using providers that adopt adequate data protection standards, including standard contractual clauses and international security certifications.

7. Security

We employ appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS) for all communications
  • Restricted access control to infrastructure and data
  • Continuous security monitoring and anomaly detection
  • DDoS protection and rate limiting
  • Automatic deletion of temporary data after expiration

While no system is 100% secure, we are committed to industry best practices and continuous improvement of our security measures. PassMonitor is not responsible for unauthorized access resulting from failures in the user's device or network.

8. Your Rights (GDPR/LGPD)

Under applicable data protection regulations, you have the right to:

  • Confirmation of processing and access to your personal data
  • Correction of incomplete, inaccurate, or outdated data
  • Anonymization, blocking, or deletion of unnecessary or non-compliant data
  • Data portability to another service provider
  • Deletion of data processed based on consent
  • Information about public and private entities with which we share data
  • Information about the option to withhold consent and its consequences
  • Withdrawal of consent at any time

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 15 business days as provided by law.

Important: due to the nature of our service and the data minimization principle, in most cases we do not have personal data permanently stored, which may limit the exercise of certain rights.

9. Cookies

We use essential cookies for website functionality and analytical cookies (Google Analytics via Google Tag Manager) to understand service usage in aggregate. Analytical cookies do not collect personally identifiable information.

You can disable cookies in your browser settings, but this may affect website functionality. Continued use of the site constitutes consent to the use of cookies as described in this policy.

10. Children's Privacy

PassMonitor is not directed at individuals under 18 years of age. We do not knowingly collect data from minors. If a legal guardian identifies that a minor has used the service, they may contact us to request data deletion.

11. Limitation of Liability

PassMonitor provides information about publicly known data breaches for informational purposes only. We do not guarantee the completeness, absolute accuracy, or timeliness of the information presented. The service does not constitute professional information security, legal, or technical advice.

PassMonitor and Codecortex Tecnologia shall not be liable for any direct, indirect, incidental, special, or consequential damages arising from the use or inability to use the service, including but not limited to financial losses, data loss, business interruption, or moral damages.

12. Source of Breach Data

Breach information displayed by PassMonitor is obtained from publicly available sources and known data breach databases. PassMonitor does not participate in obtaining, distributing, or commercializing leaked data. We operate exclusively as a lookup tool so users can check if their data was exposed and take appropriate protective measures.

13. Changes to This Policy

This policy may be updated periodically to reflect changes in our practices or applicable legislation. Significant changes will be communicated on the website. The "Last updated" date at the top of this page will be updated with each modification. Continued use of the service after changes constitutes acceptance of the updated policy.

14. Governing Law

This policy is governed by Brazilian law, in particular the LGPD (Law No. 13,709/2018) and the Brazilian Internet Framework (Law No. 12,965/2014). Any disputes shall be submitted to the courts of São Paulo, SP, Brazil, to the exclusion of any other jurisdiction.

15. Data Protection Officer Contact

For questions related to privacy and data protection, contact our data protection officer at [email protected].

PassMonitor is a service by Codecortex Tecnologia.