Leaked.

Legal · Privacy

Privacy Policy

Last updated · May 30, 2026

Leaked is built by ZBGC LLC(“Leaked,” “we,” “us”). Leaked helps you check whether your personal information has appeared in known data breaches. This policy explains exactly what we process, what we don't, and the choices you have. The short version: Leaked is private by design— your searches aren't tied to your identity, and we don't keep a copy of what you look up.

What we process

The values you search. When you run a check, the value you enter (such as an email address, phone number, username, or other identifier) is sent over an encrypted connection to our breach-search providers so they can look for matches. We do not attach your name, an account, or a device identifier to that request, and we do not store the value — or any hash of it — on our servers after the lookup completes.

De-identified usage counts. For email and phone checks we keep a minimal, aggregate record — which kind of check ran and how many breaches were found — with no identifier, IP address, or copy of the search term. These records automatically expire after 30 days and exist only to understand overall volume.

Data that stays on your device. Your scan history is stored locally on your device in masked form. Full values for any monitors you save are stored in the iOS Keychain on your device. This information is not transmitted to us.

Password checks. If you check a password, Leaked uses k-anonymity: only a short, partial hash prefix is sent to the lookup service. Your full password never leaves your device.

Subscriptions. Purchases are processed by Apple and managed through our payments provider, RevenueCat. We receive anonymous subscription status so we can unlock features; we do not receive your Apple ID, name, or payment details.

Diagnostics. Like any hosted service, our infrastructure may briefly record standard request metadata (for example, an IP address at the network level) for security and reliability. This is never joined to the value you searched.

Service providers

We share the minimum necessary with vetted providers who process data on our behalf: Apple (app distribution and payments), RevenueCat (subscription management), Supabase (backend hosting), and licensed breach-search data providers that power the lookups. We never sell your information.

What we don't do

  • We don't sell or rent your personal information.
  • We don't use advertising or cross-app tracking SDKs.
  • We don't require an account to use core features.
  • We don't retain the terms you search.

Retention

De-identified usage counts are deleted automatically after 30 days. On-device history and saved monitors remain until you delete them or remove the app.

Your choices

You can clear your on-device history and remove saved monitors at any time from within the app, disable notifications in iOS Settings, and manage or cancel your subscription through the App Store. Because Leaked doesn't maintain an account tied to you, there is no server-side profile to delete.

Children

Leaked is not directed to children and is intended for users who are at least 16 years old.

Changes

We may update this policy from time to time. Material changes will be reflected by the “last updated” date above.

Contact

Questions about privacy? Reach us at support@zbgcllc.com or visit zbgcllc.com.