Your Privacy Matters

Account Information

When you create an account, we collect:

• Email address (for authentication and account management)
• Name (if provided through Google OAuth)
• Profile picture (if provided through Google OAuth)
• Account creation and last login timestamps

API Key Data

Important: Your API keys are encrypted using client-side encryption before being stored on our servers. We cannot access, read, or decrypt your API keys.

• Encrypted API key data (unreadable by us)
• Key names and metadata (platform, environment, expiry dates)
• Health check results and timestamps
• Project and client organization data

Usage Data

• Login and session information
• Feature usage statistics (anonymized)
• Error logs (without sensitive data)
• Performance metrics

Service Provision

• Provide and maintain the API key management service
• Process your requests and transactions
• Send service-related communications
• Provide customer support

Security and Safety

• Detect and prevent fraud, abuse, and security threats
• Monitor and analyze usage patterns for service improvement
• Comply with legal obligations

Improvement

• Improve our services and develop new features
• Conduct research and analysis (anonymized data only)
• Provide personalized experiences

Encryption

Your API keys are encrypted using AES-256-GCM encryption in your browser before being transmitted to our servers. The encryption key is derived from your password and never leaves your device.

Data Storage

• Data is stored on secure servers hosted by Supabase
• All data is encrypted in transit using TLS 1.3
• Database access is restricted and monitored
• Regular security audits and penetration testing

Access Controls

• Row-level security ensures users can only access their own data
• Multi-factor authentication for administrative access
• Regular access reviews and audits
• Immediate revocation of access upon termination

We Do Not Sell Your Data

We do not sell, rent, or trade your personal information or API key data to third parties.

Limited Sharing

We may share your information only in the following circumstances:

• Service Providers: With trusted third-party services that help us operate our platform (e.g., Supabase for hosting, Google for authentication)
• Legal Requirements: When required by law, court order, or government request
• Safety and Security: To protect our users, employees, or the public from harm
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with appropriate safeguards)

When you share API keys with team members, the sharing is controlled by our platform's security features. Team members can only access keys that you explicitly share with them.

Retention Period

• Account Data: Retained while your account is active
• API Key Data: Retained until you delete the key or your account
• Usage Logs: Retained for 12 months for security and debugging
• Backup Data: Retained for 30 days after account deletion

Account Deletion

When you delete your account, we will:

• Permanently delete all your API key data
• Remove your account information
• Delete all associated metadata and logs
• Remove your data from backups within 30 days

Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Object to processing of your data

Access and Control

• View and edit your account information
• Manage your API keys and sharing settings
• Control team access and permissions Coming Soon
• Download your data or delete your account

Communication Preferences

• Opt out of marketing communications
• Control notification settings
• Manage email preferences

Contact Us

If you have questions about your privacy rights or want to exercise them, please contact us at: