Privacy Policy

This policy explains what we collect when you use ReefAPI and how we handle it. We aim to collect the minimum needed to run the Service.

What we collect

Account data: your email and authentication details (passwords are hashed; we never store them in plaintext). Usage data: per-request metadata — which API/endpoint, timestamp, latency, bytes, and credits — to meter billing and operate the Service. Payment data: handled by our Merchant of Record (Paddle); we never see or store full card details.

How we use it

To authenticate you, provision and meter API keys, show your usage and billing, prevent abuse, and improve reliability. We do not sell your personal data, and we don't use your request payloads to build profiles of you.

API responses & third-party data

The data APIs return information from public sources. By default we redact common personal identifiers from responses; some endpoints can return more only when you explicitly opt in, and you become responsible for handling that data lawfully (see the Terms).

Your rights

Subject to applicable law (incl. GDPR/CCPA), you can access, correct, export, or delete your account data, and object to or restrict certain processing. Email us to exercise these rights.

Cookies & security

We use a session cookie to keep you signed in — no third-party advertising cookies. We apply reasonable technical and organizational measures to protect your data; keys are guarded and admin surfaces are access-controlled.

Retention

We keep account data while your account is active and usage records for as long as needed for billing, security, and legal obligations, then delete or anonymize them.

Contact

Privacy questions or requests: [email protected].