V

VZGen ← Back to home

Privacy Policy

Last updated: April 2026  ·  Applies to all VZGen services at vzgen.store

1. Who We Are and Scope

VZGen ("we," "us," "our") operates the phone number carrier verification platform accessible at vzgen.store. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights regarding that data.

This Policy applies to all users of the VZGen platform, including visitors to our website, registered account holders, and API users. It does not apply to the telephone numbers or subscriber data that users verify through the platform — that data belongs to the users and their own privacy obligations.

2. Data We Collect

2.1 Account Data

• Email address — used for authentication, notifications, and support communications. Required to create an account.
• Password — stored exclusively as a bcrypt hash. We never store or have access to your plaintext password.
• Account creation date and last login timestamp
• Preferred language setting (English or Spanish)

2.2 Usage Data

• Job history — records of verification jobs you run, including number count, filters used, status breakdown (live/transferred/no signal/dead), and timestamps. Retained for 90 days.
• Credit balance and transaction history — credits purchased, credits consumed per job, current balance.
• Area code and block performance data — aggregated statistics on NPA-NXX block hit rates, derived from your jobs and other users' jobs, used to power Hot Zones analytics. This data is not linked back to individual users in our analytics systems.

2.3 Payment Data

• our payment processor transaction IDs — the unique transaction reference provided by our payment processor when you complete a USDT payment.
• Payment amount and timestamp
• USDT wallet address (sender) — provided by our payment processor as part of payment confirmation; retained for fraud prevention and legal compliance.

We do not collect, store, or process credit card numbers, bank account details, government-issued identity documents, or any other financial account information.

2.4 Technical and Security Data

• IP address — logged per request for security purposes, rate limiting, and fraud detection. Retained for 12 months.
• Session data — an encrypted session cookie used to maintain your authenticated session. No persistent tracking identifiers.
• User agent string — your browser/client identifier, used for security and bot detection.
• Failed login attempts — logged to enforce account lockout protections and detect brute-force attacks.

3. How We Use Your Data

Purpose	Data Used	Legal Basis (GDPR)
Authenticate you and maintain your account session	Email, password hash, session cookie, IP address	Contract performance
Process credit purchases and apply credits to your account	Transaction ID, amount, wallet address	Contract performance
Execute number verification jobs and return results	Job parameters, credits, usage history	Contract performance
Send transactional notifications (job complete, payment confirmed, low credits)	Email address	Contract performance
Detect, prevent, and investigate fraud, abuse, and security incidents	IP address, login history, payment data	Legitimate interests
Improve platform performance and Hot Zones analytics	Aggregated, anonymized block performance data	Legitimate interests
Comply with legal obligations and respond to lawful requests	Any data as required by law	Legal obligation

We do not use your data for advertising, behavioral tracking, or sale to third parties. We do not send marketing emails beyond transactional notifications.

4. Third-Party Data Processors

We share data with the following processors solely to operate the Service:

• our carrier network verification provider — Phone numbers you submit for verification are sent to this third-party API to query carrier network status. This is the core function of the Service. By using VZGen, you consent to phone numbers being transmitted to this API. We do not share any of your account data (email, IP, etc.) with this service.
• our cryptocurrency payment processor — Our cryptocurrency payment processor. Payment transactions are processed and confirmed by our payment processor. We receive transaction confirmation data (transaction ID, amount, status) from our payment processor. Your payment data is subject to our payment processor's Privacy Policy.
• our hosting provider (EU-based data center) — Our server infrastructure is hosted at an EU-based data center (Germany). Our hosting provider processes data on our behalf as a data processor under a Data Processing Agreement.
• Email delivery provider — Transactional emails (job completions, payment confirmations) are sent through an email delivery service. Only your email address and the content of the notification are shared.

We do not share your data with any advertising networks, data brokers, analytics companies, or other third parties beyond those listed above.

5. Data We Do Not Collect

• Credit card numbers, debit card details, or bank account information
• Government-issued identification documents
• Biometric data of any kind
• Social security numbers or tax identification numbers
• Physical addresses or phone numbers of users
• Browsing history outside of our platform
• Information about the individuals whose phone numbers are verified through the Service — we return carrier status only

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may disclose your data only in the following circumstances:

• Legal process: In response to a valid subpoena, court order, search warrant, or other legally compelled disclosure from a government authority with jurisdiction over our operations.
• Protection of rights: When we believe in good faith that disclosure is necessary to protect our rights, prevent fraud, investigate abuse of the Service, or protect the safety of any person.
• Business transfer: In connection with a merger, acquisition, or sale of all or substantially all of our assets, in which case your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
• With your consent: For any purpose you explicitly authorize.

7. Data Retention

Data Type	Retention Period
Account data (email, password hash, preferences)	Until account deletion, then 30 days for backup purge
Job history and results	90 days from job completion
Credit transaction history	As required by applicable financial recordkeeping laws (minimum 5 years)
IP address and security logs	12 months
Aggregated block performance statistics	Indefinitely (anonymized, not linked to any user)
Backup copies	Purged within 30 days of deletion

You may request deletion of your account and all associated personal data at any time by contacting privacy@vzgen.store. We will process deletion requests within 30 days, except where retention is required by law (e.g., financial transaction records).

8. International Data Transfers

Our primary servers are located in Germany (EU) and are operated by our hosting provider, which provides infrastructure under GDPR-compliant data processing terms.

When you submit phone numbers for HLR verification, those numbers are transmitted to our carrier network verification provider for processing. This service may process data outside the EU. By using the verification feature of the Service, you acknowledge and consent to this transfer for the sole purpose of carrier status lookup.

For EU/EEA users, where data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V, including standard contractual clauses where applicable.

9. Security Measures

We implement the following technical and organizational security measures to protect your data:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS. HTTP connections are redirected to HTTPS.
• Password security: Passwords are hashed using bcrypt with a work factor of 12. We never store plaintext passwords.
• Session security: Sessions use cryptographically signed cookies. Sessions expire after 30 minutes of inactivity. Session cookies have the HttpOnly and Secure flags set.
• Rate limiting: Login attempts, API calls, and verification jobs are rate-limited to prevent brute-force and abuse.
• Network security: Our servers are protected by fail2ban intrusion prevention, nginx rate limiting zones, and connection limits per IP. Known malicious user agents are blocked at the network layer.
• Access control: Database and server access is restricted to authorized personnel only, protected by SSH key authentication.

Despite these measures, no system is completely secure. We cannot guarantee the absolute security of your data. In the event of a breach affecting your personal data, we will notify you as described in Section 14.

10. Cookies and Tracking

We use only the following cookies:

• Session cookie (required): A single encrypted session cookie named session that keeps you logged in during your browser session. This cookie contains no personally identifiable information and is not used for tracking. It expires when your session ends or after 30 minutes of inactivity.

We do not use:

• Advertising or retargeting cookies
• Third-party analytics cookies (Google Analytics, Facebook Pixel, etc.)
• Persistent tracking identifiers
• Cookies that track your activity across other websites

Because we use only a strictly necessary session cookie, cookie consent banners are not required under the ePrivacy Directive for our platform. If we add any non-essential cookies in the future, we will update this policy and obtain consent where required.

11. Your Rights — GDPR (EU/EEA Residents)

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

To exercise any of these rights, contact us at privacy@vzgen.store. We will respond within 30 days. We may request identity verification before processing your request. You also have the right to lodge a complaint with your local data protection supervisory authority (e.g., the CNIL in France, ICO in the UK, BfDI in Germany).

Lawful Basis: We process your personal data primarily on the basis of contract performance (to provide the Service you signed up for) and legitimate interests (security, fraud prevention, platform improvement). Where required, we rely on your consent, which you may withdraw at any time without affecting prior processing.

12. Your Rights — CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the CPRA grants you the following rights:

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purpose for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions (e.g., legal obligations, security).
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: We do not sell personal information and do not share it for cross-context behavioral advertising. There is nothing to opt out of in this regard.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. Exercising these rights will not affect your access to or pricing of the Service.
• Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by the CPRA beyond what is necessary to provide the Service.

To submit a CCPA request, contact us at privacy@vzgen.store with the subject line "CCPA Request." We will respond within 45 days, with one 45-day extension where reasonably necessary.

13. Children's Privacy

The Service is not directed to persons under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a person under 18, we will delete it promptly. If you believe we have collected data from a minor, contact us at privacy@vzgen.store.

14. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required under GDPR Article 33), where feasible
• Notify you directly without undue delay if the breach is likely to result in a high risk to your rights and freedoms (GDPR Article 34)
• Notify affected US users in accordance with applicable state data breach notification laws

Breach notifications will be sent to your registered email address and will include: the nature of the breach, the categories and approximate number of records affected, likely consequences, and measures taken or proposed to address the breach.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes — such as changes to the categories of data we collect, new data sharing arrangements, or changes to your rights — will be communicated by email to your registered address at least 14 days before taking effect. Non-material changes (such as clarifications) may be made without prior notice, with the updated date noted at the top of this page.

Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated Policy.

16. Contact and Data Requests

For privacy inquiries, data access requests, deletion requests, or to exercise any of your rights:

Privacy & Data Requests: privacy@vzgen.store
General Support: support@vzgen.store

We aim to respond to all privacy-related requests within 30 days. For complex requests or high volumes, we may extend this to 60 days and will inform you accordingly.

© 2026 VZGen. All rights reserved.