1. Information We Collect

1.1 Account Information

When you subscribe, we collect your email address for account management, billing, and service communications. We do not require or collect names, phone numbers, or physical addresses.

1.2 Payment Information

Payment card details are processed and stored by third-party payment processors: Stripe Inc. and PayPal Holdings, Inc. for USD transactions, and Razorpay Software Private Limited for INR transactions. We never have direct access to your full payment card number. We receive only transaction confirmations, subscription status, and payment metadata necessary for billing operations. These processors are PCI DSS compliant and follow industry best practices for securing payment data.

1.3 API Usage Data

We log API requests for billing, rate limiting, security, and service improvement. Logs include: timestamps, endpoints accessed, request counts, response codes, and API keys (not request/response bodies). Usage data is retained for 90 days.

1.4 Analytics and Cookies

We use third-party analytics and marketing tools to understand website traffic patterns, user behavior, and conversion metrics. These services may collect anonymized data and set cookies in your browser. You can disable cookies through your browser settings at any time. We do not track or collect personal information from API requests.

2. How We Use Your Information

We use collected information to:

Process payments and manage subscriptions
Enforce rate limits and prevent abuse
Provide customer support and respond to inquiries
Send service notifications (downtime, updates, billing)
Improve API performance and reliability
Comply with legal obligations

3. Information Sharing and Third Parties

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We share data only with trusted service providers under strict confidentiality agreements:

Payment Processors: Stripe (USD), PayPal (USD), Razorpay (INR) for subscription billing, payment processing, and refunds
Cloud Infrastructure: Hosting providers for API services, database storage, and Redis caching
Analytics Services: Microsoft Clarity (session replay and heatmaps) and Facebook Pixel (conversion tracking) on public pages only - these services collect anonymized usage data
Email Service: AWS SES for transactional emails (subscription confirmations, support responses)
Legal Authorities: When required by law, court order, or to protect our legal rights and safety

All third-party processors are contractually obligated to protect your data and use it only for the purposes we specify. We conduct due diligence on all service providers to ensure they meet our security and privacy standards.

4. Data Security

We implement industry-standard security measures including HTTPS/TLS encryption, secure password hashing, API key encryption, and regular security audits. However, no system is 100% secure. You are responsible for keeping your API key confidential.

5. Data Retention

We retain account and subscription data for as long as your account is active plus 2 years for legal/financial compliance. API usage logs are retained for 90 days. You may request account deletion by contacting us - we will delete your data within 30 days except where legally required to retain records.

6. Your Rights

You have the right to:

Access your personal information
Correct inaccurate data
Request data deletion (account closure)
Export your API usage data
Opt out of marketing emails (service emails are required)

7. International Transfers and GDPR Compliance

Our infrastructure is distributed globally. Your data may be transferred to, stored, and processed in countries outside your jurisdiction, including but not limited to the United States and India. These countries may have different data protection laws than your country of residence.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we comply with GDPR requirements. We use Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers to countries without adequacy decisions. By using the Service, you consent to these international transfers.

EEA/UK users have additional rights under GDPR, including the right to lodge complaints with your local data protection authority. You may contact us to exercise your rights or request information about our data protection measures.

8. Children's Privacy

Our Service is not intended for individuals under 18. We do not knowingly collect information from children. If we discover underage users, we will terminate their accounts immediately.

9. Changes to Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to active subscribers 30 days before taking effect. The "Last updated" date at the top indicates the most recent revision.

10. Contact

Privacy questions or data requests? Contact us through our contact page.