Privacy Policy

1.1 Account Information

When you create an account, we collect:

• Email address - For account authentication and communication
• Password - Stored securely using industry-standard hashing (bcrypt)
• Display name - Optional, for personalizing your dashboard
• OAuth profile data - If you sign up via Google/GitHub (name, email, profile picture)

1.2 API Usage Data

To provide and improve our services, we automatically log:

• Request metadata - Timestamp, model requested, channel used, latency
• Token usage - Input/output tokens for billing and quota management
• Error logs - Error codes and messages (without sensitive request content)
• IP addresses - For security, fraud detection, and rate limiting
• User-Agent strings - To identify client applications and SDKs

1.3 Payment Information

Payment processing is handled by Stripe. We do NOT store your full credit card numbers or banking details on our servers. We only store:

• Stripe customer ID (for linking your account to Stripe)
• Last 4 digits of your card (for display purposes only)
• Transaction history (amounts, dates, status)

1.4 Cookies and Tracking

We use cookies and similar technologies for:

• Session management - To keep you logged in
• Security - CSRF protection and authentication
• Analytics - Understanding how users interact with our platform (anonymized)

We use collected information for the following purposes:

2.1 Service Delivery

• Process and route your API requests to appropriate AI model providers
• Manage authentication, authorization, and account security
• Calculate usage costs and enforce quota limits
• Provide usage analytics and request logs in your dashboard

2.2 Billing and Payments

• Process payments via Stripe
• Generate invoices and transaction receipts
• Handle refund requests for unused credits
• Detect and prevent payment fraud

2.3 Service Improvement

• Monitor system performance and uptime
• Analyze usage patterns to optimize routing strategies
• Identify and fix bugs or security vulnerabilities
• Develop new features based on aggregated usage trends

2.4 Communication

• Send transactional emails (account verification, password resets, receipts)
• Notify you of service updates, maintenance, or policy changes
• Respond to support inquiries and technical questions
• Send marketing communications (opt-in only; you can unsubscribe anytime)

2.5 Legal Compliance

• Comply with legal obligations and regulatory requirements
• Enforce our Terms of Service and prevent abuse
• Protect the rights, property, and safety of APIPod and our users

We do NOT sell your personal data to third parties. However, we share data with trusted service providers in the following circumstances:

3.1 AI Model Providers

3.2 Payment Processing

We use Stripe for payment processing. Stripe collects and processes your payment information according to their Privacy Policy. We never see or store your full credit card details.

3.3 Hosting and Infrastructure

Our services are hosted on cloud infrastructure providers. These providers may have access to data stored on their servers but are contractually obligated to maintain confidentiality.

3.4 Analytics Tools

We may use analytics services to understand platform usage. These tools collect anonymized data and do not track personal information.

3.5 Legal Requirements

We may disclose your information if required by law, court order, or to protect the rights, property, or safety of APIPod, our users, or the public.

We retain your data as follows:

• Account data - Retained until you delete your account
• API request logs - Retained for 90 days, then automatically purged
• Billing records - Retained for 7 years for tax and legal compliance
• Aggregated statistics - Retained indefinitely in anonymized form

You may request early deletion of your data by contacting [email protected], subject to legal retention requirements.

We implement industry-standard security measures to protect your data:

• Encryption - All data transmitted over HTTPS/TLS 1.3
• Password hashing - Passwords stored with bcrypt (never in plain text)
• API key encryption - API keys encrypted at rest in our database
• Access controls - Role-based access and least-privilege principles
• Regular security audits - Penetration testing and vulnerability scanning
• Monitoring - 24/7 monitoring for suspicious activity

Note: While we take all reasonable precautions, no system is 100% secure. You are responsible for keeping your API keys and passwords confidential.

Depending on your location, you may have the following rights:

6.1 Access and Portability

• Request a copy of your personal data in machine-readable format
• Export your API usage logs from the dashboard

6.2 Correction

• Update your account information directly in the dashboard
• Request corrections to inaccurate data by contacting support

6.3 Deletion

• Delete your account through the dashboard settings
• Request data deletion by emailing [email protected]
• Note: Some data may be retained for legal compliance (e.g., billing records)

6.4 Objection and Restriction

• Opt-out of marketing communications (unsubscribe link in emails)
• Request restriction of processing for specific purposes

6.5 Withdraw Consent

• Withdraw consent for optional data processing (e.g., analytics cookies)

To exercise any of these rights, contact us at [email protected] with "Privacy Rights Request" in the subject line.

We use the following types of cookies:

• Essential cookies - Required for authentication and security (cannot be disabled)
• Functional cookies - Remember your preferences and settings
• Analytics cookies - Help us understand usage patterns (anonymized)

You can manage cookies through your browser settings. Note that disabling essential cookies may prevent you from using certain features.