Privacy guide

How do websites already know my email address?

Why a site seems to know your email before you type it, how email matching and identity tools work in India, and how to limit it.

The simple answer

Sometimes a form prefills your email, or a brand emails you after a visit you thought was anonymous. This usually happens because your email, or a hashed version of it, is already linked to your browser or device through earlier signups or partners.

Identity and marketing tools can match a known email to your activity. So the site is not magically reading your mind; it is recognising an identifier that already existed.

What to check

1
Notice when forms prefill your email.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

2
Look for identity-matching or partner language in policies.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

3
Check whether hashed emails are mentioned.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

4
Use separate emails for signups you do not fully trust.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

From our investigation

Email can be a hidden identity key.

In the investigation, identity tools mattered because an email, even hashed, can connect your activity across different sites and turn an "anonymous" visit into a known one.

What to do next

1
Use email aliases for low-trust signups.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

2
Ask companies where they obtained your email.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

3
Request deletion if a brand contacts you without a clear basis.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

People also ask

How did a site get my email without me typing it?

It may already be linked to your browser or device through earlier signups, logins or partner data.

What is a hashed email?

It is a scrambled version of your email used to match you without storing the plain address, but it can still identify you.

How do I reduce this?

Use aliases, separate emails and ask companies to delete data when there is no clear reason to hold it.

If you are a company
Check your own website.

How many trackers run on your pages? Does your privacy policy name them? Can you answer a data-rights email? If you don't know, we can help you find out.

Talk to Meridian Bridge Strategy →
Your right under Indian law
Mera data mera hai.

Your personal data belongs to you. Under DPDP, every company must tell you what they have and delete it if you ask. One email is all it takes.

Get the template email →
Read the full investigation.

We investigated 107 Indian company websites. The public report shows what we found.

Read the reportTry the experience