We use it once to run our query and then it's discarded. We don't store it on our server for any reason. The only time we store emails addresses is if you've requested to be notifited of any future breach updates.
Everything that has been merged into our database has been obtained from the public domain.
"breach" is an incident where a hacker illegally obtains data from a vulnerable system, usually by exploiting weaknesses in the software. All the data in the site comes from website breaches which have been made publicly available.
No. The intention of the site is to map email addresses and usernames to data breaches and storing the passwords here would do nothing to achieve that end. We do analysis the password for some general statistics but they are never stored, or made public.
No. We don't have them.
I do try and kept up to date as much as I can there will always be breaches that never result in the public release of data and indeed many breaches even go entirely undetected. "Absence of evidence is not evidence of absence"
Nothing is explicitly logged by the website. The only logging of any kind is via the normal Nginx access and error logging for diagnostic purposes.