Privacy Policy

Last updated: 10 April 2026

1. Data Controller

The data controller for this service is the operator of AutoAPI ("we", "us", "our"). We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable EU/EEA data protection laws.

2. Data We Collect

We collect and process the following personal data:

  • Account information: name, email address, and password hash when you register.
  • OAuth data: basic profile information (name, email, avatar) when you sign in with Google or GitHub.
  • Usage data: API request logs including endpoints, timestamps, IP addresses, and user agents.
  • Subscription data: plan selection and subscription status. No payment card details are collected.

3. Legal Basis

We process your data based on: contractual necessity (to provide the service), legitimate interest (security monitoring, service improvement), and your consent (where applicable).

4. Data Retention

Account data is retained while your account is active. API usage logs are retained for 90 days. Upon account deletion, personal data is anonymized within 30 days.

5. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure of your data
  • Exercise data portability (export your data)
  • Object to or restrict processing
  • Withdraw consent at any time

6. Data Security

We employ industry-standard security measures including encrypted connections (TLS), hashed passwords (bcrypt), API key hashing, and regular security audits.

7. Third-Party Processors

We use the following sub-processors:

  • Google/GitHub — OAuth authentication (optional)

8. Contact

For data protection inquiries, contact us at privacy@autoapi.example.com.