Privacy Policy

APIGrid ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform and APIs. By using APIGrid, you agree to the collection and use of information in accordance with this policy.

We collect several types of information to provide and improve our Services: Account Information: Name, email address, password (hashed), and billing details when you register. API Usage Data: Request logs including endpoint paths, timestamps, IP addresses, response times, and HTTP status codes. This data is used to calculate billing, enforce rate limits, and improve our infrastructure. Device & Browser Data: Browser type, operating system, referring URLs, and pages visited — collected via standard web server logs and analytics. Communications: Any messages you send us via email, support tickets, or contact forms. We do not sell your personal data to third parties.

We use the information we collect to: • Provide, operate, and maintain our Services • Process transactions and send billing information • Monitor and analyze API usage for billing and rate limiting • Detect, prevent, and address technical issues or abuse • Send transactional emails (e.g., account creation, invoices) • Improve our APIs, documentation, and developer experience • Comply with legal obligations We do not use your data for advertising purposes.

When you make requests to APIGrid APIs, we log metadata about those requests (timestamps, endpoint, response code, latency). We do not log the response payloads returned to your application. Request logs are retained for up to 90 days for billing, debugging, and abuse prevention purposes. Aggregated, anonymized metrics may be retained longer.

We do not sell, trade, or rent your personal data. We may share your information only in the following circumstances: Service Providers: Trusted third parties who assist in operating our platform (e.g., payment processors like Stripe, cloud infrastructure providers). These parties are bound by data processing agreements. Legal Requirements: If required by law, court order, or government authority, we may disclose your information. Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred to the new entity, subject to the same privacy protections.

We use essential cookies to maintain your session and authentication state. We also use analytics cookies to understand how users interact with our platform. You can disable non-essential cookies via your browser settings. Disabling essential cookies may impact your ability to use authenticated features. We do not use third-party advertising cookies or cross-site tracking.

We implement industry-standard security measures including: • TLS 1.3 encryption for all data in transit • AES-256 encryption for sensitive data at rest • API key hashing — we never store your key in plain text • Regular security audits and penetration testing • Access controls and audit logs for internal staff No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

We retain your account data for as long as your account is active or as needed to provide Services. If you close your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law. API request logs are retained for 90 days. Anonymized, aggregated statistics may be retained indefinitely for product analytics.

Depending on your location, you may have the following rights regarding your personal data: • Access: Request a copy of the personal data we hold about you • Correction: Request correction of inaccurate data • Deletion: Request that we delete your personal data • Portability: Request your data in a machine-readable format • Objection: Object to certain processing activities • Restriction: Request that we limit how we process your data To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

For users in the European Economic Area (EEA), we process your data on the lawful basis of contractual necessity and legitimate interests. If we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

Our Services are not directed to children under the age of 13. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our platform at least 14 days before they take effect. We encourage you to review this policy periodically to stay informed about how we protect your data.

For privacy-related questions or to exercise your rights, please contact: Email: [email protected] Address: APIGrid, Inc. We aim to respond to all inquiries within 30 days.