Privacy Policy

Last updated: January 2025

At Cito API, we believe in transparency. This policy explains what data we collect, why we collect it, and how we protect it. We've tried to write this in plain English, not legalese. If you have questions, email us at privacy@citoapi.com.

Information We Collect

Account Information

When you create an account, we collect your email address and authentication information (via Google or GitHub OAuth). We do not store passwords directly.

Usage Data

We collect data about your API usage, including request counts, endpoints accessed, and response times. This helps us improve our service and enforce rate limits.

Payment Information

Payment processing is handled by Stripe. We do not store your full credit card number. We receive only the last 4 digits and expiration date for your records.

How We Use Your Information

Service Delivery

We use your information to provide, maintain, and improve the Cito API service, including authenticating your API requests and tracking usage against your plan limits.

Communication

We may send you service-related emails such as account verification, billing notifications, security alerts, and important updates. We do not send marketing emails without your consent.

Analytics

We use aggregated, anonymized usage data to understand how developers use our API and to prioritize new features and improvements.

Data Sharing

Third-Party Services

We use trusted third-party services: Firebase (authentication and hosting), Stripe (payments), and standard analytics tools. These services have their own privacy policies.

No Data Sales

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Period.

Legal Requirements

We may disclose information if required by law, such as in response to a valid subpoena or court order.

Data Security

Encryption

All data is transmitted over HTTPS. API keys are hashed before storage. We use industry-standard security practices to protect your data.

Access Controls

Access to user data is restricted to authorized personnel only and is logged for audit purposes.

Incident Response

In the event of a data breach, we will notify affected users within 72 hours and provide details about what data was affected.

Your Rights

Access & Export

You can access and export your data at any time through your dashboard settings.

Deletion

You can request deletion of your account and associated data by contacting us at privacy@citoapi.com. We will process requests within 30 days.

Correction

You can update your account information at any time through your dashboard.

Cookies & Tracking

Essential Cookies

We use essential cookies to maintain your session and authentication state. These are required for the service to function.

Analytics

We use basic analytics to understand site usage. You can opt out of analytics through your browser settings or by using a content blocker.

Data Retention

Account Data

We retain your account data for as long as your account is active. After account deletion, we retain certain data for up to 90 days for legal and accounting purposes.

API Logs

API request logs are retained for 30 days for debugging and analytics purposes, after which they are automatically deleted.

Questions?

If you have any questions about this Privacy Policy or how we handle your data, we're happy to help.

See also: Terms of Service, SLA