Privacy Policy

Last updated: 2026-05-13

1. Data we collect

• Account data: email, name, and (for credentials accounts) a salted hash of your password. For OAuth sign-in, the identifiers your provider exposes.
• Usage logs: for each API request — the endpoint, HTTP status, response time, IP address, and the API key used. Retained for 90 days.
• Audit logs: account- and org-level actions you take in the dashboard (key creation, member invites, plan changes).

2. How we use it

• Operate, secure, and monitor the Service.
• Enforce rate limits and detect abuse.
• Send transactional emails (verification, password reset, invitations, quota alerts).

We do not sell your data and do not share it with advertisers. We do not use the contents of your API requests to train any models.

3. Cookies

We use a small number of strictly-functional cookies (session, active organization, theme). See our Cookies Policy.

4. Sub-processors

• Cloud hosting (Vercel / AWS) — application and database hosting.
• Resend — transactional email delivery.
• Google Places (upstream) — POI and geocoding source data.

5. Your rights

You may request export or deletion of your account and associated data at any time by emailing [email protected]. We respond within 30 days.

6. Children

The Service is not directed to children under 13. We do not knowingly collect data from children.

7. Changes

We will notify registered users of material changes by email at least 14 days before they take effect.

8. Contact

Email [email protected].