Years ago I registered at deepgram.com while trying to transcribe a podcast episode, with username+deepgram.com@example.org as my e-mail address. Today I received spam mails to that email address.
I contacted their security@
mailbox and asked if they have
been hacked, but they denied that:
We apologize for the inconvenience you are experiencing. We can confirm that we did not experience a breach, but that data is shared in accordance with our privacy policy, and with the vendors specified in our subprocessors list https://deepgram.com/privacy/subprocessors.
So they know that their "subprocessors" are selling/losing/whatever user account data and are fully ok with it.