📄 APIEngine - PRIVACY & DATA PROTECTION POLICY

APIEngine Technologies LLP

Effective Date: [03-01-2026]
Last Updated: [03-01-2026]

1. INTRODUCTION

APIEngine LLP (“APIEngine”, “we”, “us”, “our”) provides a software platform that enables users to design schemas, store data, and expose APIs (“Services”).

This Privacy & Data Protection Policy (“Policy”) explains how we collect, use, store, disclose, and protect personal data and user-generated data when you access or use the Services.

This Policy is designed to comply with:

• Digital Personal Data Protection Act, 2023 (India)
  
• General Data Protection Regulation (GDPR), where applicable
  

By using the Services, you acknowledge and agree to this Policy.

2. ROLE CLARIFICATION (CRITICAL)

For the purposes of data protection laws:

• You are the Data Controller
  
• APIEngine is the Data Processor
  

This means:

• You decide what data is uploaded or processed
  
• You decide why and how such data is used
  
• You are responsible for obtaining consent and ensuring lawful processing
  

APIEngine processes data only on your instructions and does not independently determine the legality, sensitivity, or purpose of User Data.

3. DATA WE COLLECT

3.1 Account & Identity Data

We collect:

• Name
  
• Email address
  
• Username
  
• Organization name (if provided)
  
• Country and basic location metadata
  

This data is required to create and manage your account.

3.2 Authentication & Security Data

We collect:

• Session cookies
  
• Authentication tokens (JWTs)
  
• API keys
  
• Login timestamps
  
• IP addresses
  
• Browser and device metadata (limited)
  

This data is used strictly for:

• Authentication
  
• Security
  
• Abuse prevention
  
• Fraud detection
  

3.3 Usage, Monitoring & Telemetry Data

We use cloud monitoring and observability tools to ensure platform stability and security.

This includes:

• API request metadata (endpoint, method, status codes)
  
• Rate-limit usage
  
• Latency metrics
  
• Error logs
  
• Infrastructure-level performance data
  

🔒 Payload contents are not analyzed for business meaning.

3.4 Analytics Tools (Optional / Future)

APIEngine may implement analytics tools such as Google Analytics in the future.

If enabled, such tools may collect:

• Page views
  
• Navigation paths
  
• Referrer data
  
• Device and browser information
  

These tools are used solely to:

• Improve product usability
  
• Understand feature adoption
  

No sensitive User Data is intentionally shared with analytics providers.

3.5 User-Uploaded Data (“User Data”)

User Data includes any data you upload, store, or process using the Services, including:

• Database records
  
• Schemas and object definitions
  
• API request and response payloads
  
• Test or production datasets
  

⚠️ APIEngine does not validate the legality, sensitivity, or accuracy of User Data.

3.6 Payment & Billing Data

Payments are handled by third-party payment processors (e.g., Stripe).

APIEngine does not store:

• Full credit/debit card numbers
  
• CVV information
  

We may store:

• Billing metadata
  
• Subscription status
  
• Invoice references
  

4. HOW WE USE DATA

We use collected data to:

• Provide and operate the Services
  
• Authenticate users and manage accounts
  
• Enforce rate limits and usage plans
  
• Detect and prevent abuse, fraud, or security incidents
  
• Send transactional communications
  
• Send marketing communications (where permitted)
  
• Process billing and payments
  
• Maintain logs for compliance and auditing
  
• Improve platform performance and reliability
  

We do not sell personal data.

5. EMAIL COMMUNICATIONS

5.1 Transactional Emails

We send essential emails related to:

• Account creation and verification
  
• Security alerts
  
• Billing and invoices
  
• Service-related notices
  

These emails are mandatory for account operation.

5.2 Marketing Emails

We may send marketing or promotional emails regarding:

• New features
  
• Product updates
  
• Platform announcements
  

You may opt out of marketing communications at any time.
Transactional emails cannot be opted out of.

6. LEGAL BASIS FOR PROCESSING

Depending on jurisdiction, data processing is based on:

• Contractual necessity (to provide Services)
  
• Legitimate interests (security, monitoring, fraud prevention)
  
• Legal obligations (tax, compliance)
  
• Consent, where required
  

For GDPR purposes, APIEngine acts as a Data Processor and relies on the User’s lawful basis as Data Controller.

7. DATA EXPORT

APIEngine may provide data export features allowing you to export your data.

• You are responsible for securing exported data
  
• APIEngine is not responsible for misuse after export
  
• Export formats and availability may change
  

8. DATA RETENTION

8.1 Account Data

• Retained while your account is active
  
• May be retained after termination for legal, security, or compliance purposes
  

8.2 Logs & Telemetry

• Retained for security, billing, auditing, and abuse prevention
  
• Retention periods vary by log type
  

8.3 Backups

• Data may exist in encrypted backups
  
• Backups are rotated periodically
  
• Immediate or complete erasure is not guaranteed
  

9. DATA DELETION & ERASURE REQUESTS

You may request account or data deletion.

However:

• Certain data may be retained as required by law
  
• Logs and backups may persist temporarily
  
• Immediate deletion across all systems is not guaranteed
  

APIEngine disclaims liability for residual data in backups or logs.

10. DATA SHARING & DISCLOSURE

10.1 Service Providers

We may share data with trusted providers for:

• Cloud hosting
  
• Monitoring and observability
  
• Email delivery
  
• Payment processing
  

Such providers operate under confidentiality obligations.

10.2 Legal Requirements

We may disclose data if required by:

• Court orders
  
• Government requests
  
• Applicable law
  

10.3 Business Transfers

In the event of a merger, acquisition, or asset sale, data may be transferred as part of the transaction.

11. CROSS-BORDER DATA TRANSFERS

APIEngine operates globally.

Data may be processed or stored outside India where our service providers operate.

We rely on:

• Contractual safeguards
  
• Industry-standard security measures
  

No country-specific data residency guarantees are provided unless expressly agreed in writing.

12. SECURITY MEASURES

APIEngine implements reasonable technical and organizational safeguards, including:

• Encryption in transit (HTTPS/TLS)
  
• Access controls and authentication
  
• Monitoring and logging
  
• Infrastructure-level protections
  

⚠️ No system is completely secure.
APIEngine does not guarantee absolute security.

13. HIGH-RISK & REGULATED DATA DISCLAIMER

APIEngine is not certified or designed for:

• Healthcare data (HIPAA)
  
• Payment card data (PCI-DSS)
  
• Financial or banking systems
  
• Government-classified data
  

If you upload such data:

• You do so at your own risk
  
• You assume all compliance obligations
  
• APIEngine disclaims all liability
  

14. ANONYMOUS & GUEST ACCESS

Anonymous or guest users:

• May access public web pages
  
• May access limited public API endpoints (if any)
  

Anonymous or guest users cannot:

• Access data endpoints
  
• Store or retrieve User Data
  

All data access requires authenticated accounts.

15. YOUR RIGHTS

Subject to Applicable Law, you may have rights to:

• Access your personal data
  
• Correct inaccuracies
  
• Request deletion
  
• Withdraw consent (where applicable)
  

Requests may be sent to:
📧 support@theapiengine.in

Requests relating to User Data uploaded by you must be handled by you, not APIEngine.

16. CHILDREN’S DATA

The Services are not intended for use by children.

APIEngine does not knowingly collect personal data from minors.

17. CHANGES TO THIS POLICY

We may update this Policy from time to time.

Updates become effective upon posting.
Continued use of the Services constitutes acceptance.

18. CONTACT INFORMATION

For privacy or data-related inquiries:

📧 support@theapiengine.in