Privacy Policy

1. Who this policy applies to

This Privacy Policy explains how APITier collects, uses, shares, stores, and protects personal data when you visit APITier websites, create an account, purchase a subscription, contact support, or use the APITier platform.

It applies to APITier’s controller-side processing for website, account, billing, support, and service-administration activities. Where APITier processes personal data on behalf of a customer through API requests, prompts, MCP tool calls, or uploaded records, those activities are governed separately by the APITier Data Processing Addendum and service documentation.

2. Controller and contact details

For the processing described in this policy, APITier is the controller of your personal data.

You can contact APITier about privacy questions, requests, or complaints at hello@apitier.com. If APITier publishes a dedicated privacy contact or legal entity notice, that notice will supplement this policy.

3. Categories of personal data

APITier may collect account and profile information such as name, email address, company, role, billing country, and account identifiers.

APITier may collect commercial and transaction information such as subscription plan, invoices, payment status, and billing history. Payment card details are processed by payment providers such as Stripe rather than stored in full on APITier systems.

APITier may collect technical and usage information such as IP address, device or browser metadata, timestamps, request logs, authentication events, dashboard activity, and service performance or security telemetry.

APITier may collect support and communications data such as messages, tickets, replies, and records of account or service requests.

4. Sources of personal data

APITier collects personal data directly from you when you create an account, subscribe, submit forms, contact support, or interact with the platform.

APITier also collects data automatically from browsers, devices, and service logs, and may receive limited data from payment processors, authentication providers, analytics tools, or business partners involved in delivering the services.

5. How APITier uses personal data

APITier uses personal data to provide and maintain accounts, authenticate users, issue and manage API keys, process billing, provide support, monitor performance, secure the services, prevent abuse, investigate incidents, comply with legal obligations, and communicate about service or policy changes.

APITier may also use personal data to improve the documentation, website, product experience, and commercial operations, including understanding aggregate usage patterns and maintaining service quality.

6. Lawful bases

Where UK or EU data protection law applies, APITier generally relies on contract necessity to provide accounts, subscriptions, billing, and support; legitimate interests to secure and improve the platform, prevent fraud, and administer the business; legal obligations to retain records and respond to lawful requests; and consent where consent is required, including for certain analytics or cookie activities.

Where APITier relies on consent, you may withdraw that consent at any time, but withdrawal does not affect processing carried out before it was withdrawn.

7. Cookies and analytics

APITier uses strictly necessary cookies and similar technologies for login, session handling, authentication, fraud prevention, and security controls.

APITier may also use analytics technologies, including Google Analytics, to understand how visitors use the websites and documentation. Where local law requires consent for non-essential cookies or analytics technologies, APITier will seek that consent through the relevant cookie controls before activating them.

8. Recipients and sharing

APITier may share personal data with service providers and subprocessors that support hosting, infrastructure, observability, analytics, communications, customer support, or payment processing, including providers such as Amazon Web Services and Stripe where used for the relevant service.

APITier may also disclose personal data to professional advisers, regulators, law enforcement, courts, counterparties in corporate transactions, or other parties where disclosure is required by law or necessary to protect rights, safety, and service integrity.

APITier does not sell personal data for money. If APITier later engages in activities that constitute "sharing" or targeted advertising under applicable US state privacy laws, APITier will update this policy and any required notices.

9. International transfers

APITier may process or transfer personal data outside the country where it was collected, including where service providers operate internationally.

Where UK or EU transfer rules apply, APITier will use appropriate safeguards for restricted transfers, such as adequacy decisions, standard contractual clauses, the UK International Data Transfer Addendum, or another lawful transfer mechanism.

10. Retention

APITier keeps personal data for as long as reasonably necessary for the purpose for which it was collected, including to provide the services, maintain records, resolve disputes, enforce agreements, detect abuse, and comply with legal obligations.

Retention periods vary by data type. Account and billing records may be kept for the term of the customer relationship and for an additional period needed for audit, tax, accounting, security, or legal purposes. Service logs and analytics data are retained for shorter operational and security periods unless longer retention is justified.

11. Security

APITier uses technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures may include access controls, credential management, transport security, monitoring, and operational safeguards appropriate to the nature of the services.

No internet or software-based service can be guaranteed to be fully secure, so you should also use reasonable security measures such as strong passwords, access controls, and prompt credential rotation.

12. Your privacy rights

Depending on your location, you may have rights to request access to personal data, correction of inaccurate data, deletion, restriction, objection, portability, or withdrawal of consent. You may also have the right to complain to the relevant supervisory or regulatory authority.

If you are in the UK, you may complain to the Information Commissioner’s Office. If you are in the EU, you may complain to your local supervisory authority. If you are in a US state with applicable privacy rights, you may submit requests concerning access, deletion, or correction using the APITier contact details in this policy.

13. Children

The services are not directed to children, and APITier does not knowingly collect personal data from children in connection with the services.

If you believe a child has provided personal data to APITier inappropriately, contact APITier and the information will be reviewed and addressed as appropriate.

14. Changes to this policy

APITier may update this policy from time to time to reflect operational, legal, or product changes. The "Last updated" date at the top of the policy shows when it was last revised.

Material changes may also be communicated through the website, dashboard, or email where appropriate.