Privacy Policy
Last updated: March 2026
1. What We Collect
We only collect what we need to run the service. Nothing more.
- Account info — your email and name, so we can manage your subscription and send you service updates.
- Usage logs — things like timestamps, response codes, and latency. We use these to monitor performance and fix problems.
- Session data — a secure identifier that keeps you logged in. Stored server-side, protected by secure cookies that scripts can't access.
What we don't collect:
- No tracking pixels or ad beacons
- No device fingerprinting
- We never sell, rent, or share your data for marketing
2. How We Use It
Everything we collect serves one of these purposes:
- Running the service — authenticating your requests, enforcing rate limits, and returning accurate results.
- Improving reliability — understanding usage patterns so we can make the service faster and more relevant.
- Billing — processing payments and managing subscriptions for paid plans.
- Support — helping you when something goes wrong.
That's it. Your data is never used for advertising or sold to third parties.
3. How We Protect Your Data
Security isn't an afterthought — it's built into every layer:
- HTTPS everywhere — every connection is encrypted with TLS.
- US-based servers — all data stays within the United States.
- Passwords — hashed with bcrypt (12 rounds). We never see or store your actual password.
- API keys — hashed with SHA-256 the moment they're created. You see your key once, then it's stored as a one-way hash. Revocation is instant.
- Sessions — stored server-side, delivered through secure cookies that can't be read by browser scripts, with built-in CSRF protection.
- Database protection — all queries are parameterized to prevent injection attacks, backed by framework-level protections against XSS and other common vulnerabilities.
No system is perfect, but we actively monitor for vulnerabilities and patch quickly.
4. Third Parties
We work with a small number of providers. Here's exactly who gets what:
| Provider | What They Receive | Why |
|---|---|---|
| Stripe | Payment details | Process transactions. We never store your card number. |
| Email provider | Email address only | Send account notifications and service updates. |
| Infrastructure | Data we host | Hosting, database, and CDN — under strict data processing agreements. |
That's the complete list. No ad networks, no analytics vendors, no data brokers.
5. Cookies
We use three cookies — all functional, none for tracking:
- Session — keeps you logged in.
- CSRF token — a security measure that prevents other sites from making requests on your behalf.
- Remember me — keeps you signed in across visits, if you choose.
All three are secure, server-readable only (not accessible to JavaScript), and scoped to our domain. No tracking cookies, no advertising cookies, no third-party cookies.
6. How Long We Keep It
Different data has different lifespans:
| Data Type | Retention Period |
|---|---|
| Account information | Duration of your account, plus 30 days after deletion |
| Usage logs | 30 days, then automatically deleted |
| Session data | Cleared when you log out or the session expires |
7. Your Rights
It's your data. Here's what you can do with it:
- Access — request an export of everything we have on you.
- Correction — something wrong? Let us know and we'll fix it.
- Deletion — ask us to delete your account and all associated data. We'll process it within 30 days.
- API key revocation — revoke any key instantly from your dashboard. It's invalidated the moment you click.
- Opt-out — unsubscribe from non-essential emails anytime via your account settings or the link in any email.
For any of these, reach out at .
8. Changes to This Policy
If we make meaningful changes to this policy, we'll email you at least 30 days before they take effect. Small clarifications or formatting fixes may happen without notice.
9. Contact
Questions about this policy or how we handle your data? Get in touch:
Privacy Inquiries