A clear overview of what data is processed, why it is processed, and how it is protected. We describe responsibilities on both sides so teams can align legal, security, and operational practices before moving to production.
This policy explains what data we process, why we process it, and how responsibilities are split between us and service users.
We may process account identity data, billing metadata, API request/response logs, technical telemetry (IP, user agent, timestamps), antifraud context, and contact-form submissions.
Data is processed to provide API functionality, secure authentication, detect abuse/fraud, support analytics and debugging, process payments, and respond to customer communications.
Processing is based on contract performance, legitimate interests in security and service quality, and legal obligations where applicable. Customer-side lawful basis for end-user data remains the customer responsibility.
We are responsible for platform-side safeguards and secure service operation. You are responsible for your application logic, notices, consent management where required, retention choices on your systems, and lawful use of API outputs.
We implement layered controls including access restrictions, authentication controls, monitoring, anti-spam mechanisms, operational logging, and incident response procedures. Controls are continuously reviewed and improved.
Data is retained only as needed for service operation, troubleshooting, fraud prevention, legal compliance, and dispute handling. Retention periods may vary by data type and contractual/legal requirements.
Selected providers (for hosting, analytics, email delivery, captcha, and payments) may process limited data necessary for their function under contractual and technical safeguards.
Where infrastructure or providers require cross-border processing, we apply appropriate safeguards in line with applicable law and provider commitments.
Requests related to access, correction, deletion, or restriction are handled within legal and technical scope. For customer-submitted end-user data, requests may need to be coordinated with the data-controlling customer.
We maintain operational procedures for detecting, investigating, and responding to security incidents. Where required, affected parties and authorities are notified under applicable legal deadlines.
This policy may be updated to reflect legal, product, and security changes. Continued use of service after updates means acceptance of the revised policy.
For privacy and compliance requests, use the contact form in the footer and include account/domain details for accurate processing.