I’d rather not dox myself. They’re not a huge company. I promise you that this is not something uncommon.

Sorry, I thought the rest was implied. Because the company also sold user data (and stated that in the T&C’s). The industry is very aware of email aliases and so it is more valuable to have sanitized data.

I used to work for a product comparison company (think finance and insurance). We used to save the email address as typed for login and also with everything after the plus removed separately. For Gmail and certain other large providers, we also stripped out any dots e.g. a.j.uniquename@gmail.com became ajuniquename@gmail.com.