Broken URL CheckerURL CheckerRedirect CheckerBatch URL CheckerMass URL CheckerBulk Link CheckerHow It WorksPricingDevelopersBlog

Privacy Policy

Last updated: April 25, 2026

Bulk URL Checker ("we", "us") operates the URL validation service at bulkurlchecker.com and app.bulkurlchecker.com, the REST API at api.bulkurlchecker.com, and the MCP server at mcp.bulkurlchecker.com. This Privacy Policy explains what data we collect, how we use it, who we share it with, and how long we keep it.

Information We Collect

Account information. When you sign up we collect:

  • Email address (required for authentication via Clerk)
  • Display name and profile photo (optional, only if you provide them via Clerk)
  • OAuth identifiers from Google or other providers if you sign in with them
  • Payment information, handled entirely by Stripe; we never see or store your card number

Usage data. When you use the service we collect:

  • The URLs you submit for checking
  • The results of those checks (HTTP status codes, redirect chains, response times, error reasons)
  • API keys you generate (we store only an irreversible bcrypt hash; the plaintext key is shown to you once at creation and never stored on our side)
  • API request logs (timestamp, endpoint, HTTP status, response time) for the past 30 days, used for debugging and abuse detection
  • Browser, device, and approximate-IP information for security and product analytics
  • A salted, irreversible HMAC-SHA256 hash of the IP address used at signup, plus broad device characteristics (operating system, device type, screen resolution). We never store the raw IP. The hash lets us detect repeat free-tier signups from the same network within a 24-hour window without retaining personally identifiable network data.

What we do not collect. We do not collect health data, financial data beyond what Stripe holds, government IDs, or biometric data. We do not collect data about anyone except the authenticated account holder.

How We Use Your Information

  • Provide the URL checking service (running checks, returning results, sending email notifications when jobs complete)
  • Authenticate you and prevent unauthorized access to your account
  • Process payments and manage credit balances
  • Detect and prevent fraud, abuse, or violations of our Terms
  • Improve the service via aggregated, non-identifying analytics
  • Send you transactional email (job completion, billing receipts, account changes)
  • Comply with legal obligations

Data Retention

We keep data for the following periods:

  • URL check results: 30 days from job completion. After that the per-URL results are auto-deleted; only aggregate totals (job counted toward your usage) are retained.
  • Account data: while your account is active and for up to 90 days after deletion (in case of accidental deletion or legal hold), then permanently removed.
  • Payment records: as required by tax and accounting law (typically 7 years for invoices), held by Stripe.
  • API request logs: 30 days, then deleted.
  • Backups: encrypted off-site backups are retained for 30 days on a rolling basis.

Third-Party Services We Use

We use third-party services to operate the product. Each processes only the subset of data necessary for its function, governed by its own privacy policy and a data-processing agreement with us:

  • Authentication: Clerk handles sign-in, session management, and OAuth-host-token issuance.
  • Payments: Stripe processes credit purchases and subscriptions; we never see or store card numbers.
  • Email delivery: a transactional email provider sends job-completion and billing emails; a separate provider handles marketing-site contact-form delivery.
  • Outbound URL fetching: a commercial proxy network performs the actual HTTP requests to the URLs you submit. The proxy provider receives only the URL string being checked, never your account email, name, or any other identifier tied to you.
  • File storage: a major cloud-storage provider stores uploaded CSV files and generated export reports for the duration of your job's retention window.
  • Hosting: standard cloud hosting and CDN providers serve the marketing site, the app frontend, and the backend services.
  • Web analytics & product analytics: Google Analytics 4, Google Ads conversion tracking, and PostHog for product-usage analytics including session replay.

We do not sell your personal data. We do not use your data to train AI models. If you need a complete and current list of our sub-processors with provider names, contact us at bulkurlchecker@gmail.com and we'll send it.

MCP Server & Third-Party AI Integrations

When you connect Bulk URL Checker to Claude.ai, ChatGPT, or another MCP host, your AI assistant calls our MCP server on your behalf. The integration uses OAuth 2.1 with dynamic client registration, meaning:

  • You authenticate with our service directly, the AI host never sees your password.
  • Tool calls from the AI host arrive with a token that authorizes them to act on your account.
  • The AI host (Anthropic, OpenAI, etc.) sees only the data its tool call returns, e.g., a list of URL check results. They do not get access to your full account, billing data, or other users.
  • You can revoke an AI host's access at any time from your dashboard.

Use of the AI host (Claude, ChatGPT) is governed by that host's privacy policy, not ours. We have no control over what they do with the conversation that triggered the tool call.

Data Security

  • All transport is HTTPS/TLS 1.2 or higher.
  • Data at rest is encrypted by the underlying cloud database, object storage, and managed-disk providers we use.
  • API keys are stored as bcrypt hashes; the plaintext is shown only once at creation.
  • Production access is restricted to authorized team members via SSH key authentication.
  • Daily encrypted backups are taken and stored off-site.

No system is perfectly secure. We will notify affected users promptly if we detect a breach involving their personal data.

Your Rights

Regardless of where you live, you can:

  • Access, request a copy of your data
  • Correct, update inaccurate information directly in your account, or by emailing us
  • Delete, permanently delete your account and all associated data
  • Export, download your data in a machine-readable format (CSV / JSON)
  • Object, ask us to stop processing your data for a specific purpose
  • Opt out of marketing, via the unsubscribe link in any marketing email, or by emailing us

To delete your account: sign in, go to your dashboard, and use the account deletion option in account settings, or email us at bulkurlchecker@gmail.com with the subject "Account deletion" from the email address on file. We confirm receipt within 7 days and complete the deletion within 30 days.

GDPR and CCPA residents have additional rights including the right to lodge a complaint with their supervisory authority and the right not to be subject to fully automated decision-making that produces legal effects on them. We do not engage in such automated decision-making.

International Data Transfers

Our infrastructure is hosted in the United States. If you are outside the U.S., your data is transferred to and processed in the U.S. We rely on Standard Contractual Clauses where applicable for transfers from the EU/UK.

Cookies and Tracking

We use cookies and similar technologies for authentication, analytics, and product improvement. Specifically:

  • Authentication cookies (set by Clerk), required for sign-in to work; cannot be disabled
  • Analytics cookies (Google Analytics, PostHog), help us understand product usage; can be controlled via the cookie consent banner on our marketing site
  • Conversion-tracking cookies (Google Ads), measure ad campaign effectiveness

You can clear cookies in your browser settings at any time. Doing so will sign you out and reset analytics opt-in state.

Children's Privacy

The service is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If we learn we have collected such information, we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy. Material changes will be announced via email and/or a notice on the site at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

Contact Us

For privacy questions, data requests, or any concern about how we handle your information:

We respond to privacy requests within 30 days, often much sooner.

We use analytics cookies to improve your experience. Opt out anytime in Cookie Settings. Privacy Policy

Settings