Last updated: February 2025
API Direct ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and API services (collectively, the "Service").
We are based in the United Kingdom and operate in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our Service, you agree to the collection and use of information in accordance with this policy.
API Direct is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at support@apidirect.io.
When you create an account, we collect:
When you add a payment method, we store:
When you use our API, we collect:
We do not log the content of your API queries or the data returned in API responses.
We do not collect:
We use the information we collect to:
Under UK GDPR, we process your personal data based on the following legal grounds:
We share your information with the following categories of third-party service providers who assist us in operating the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database and authentication | Account data, usage records |
| Stripe | Payment processing | Payment and billing information |
| Amazon Web Services (SES) | Email delivery | Email address, name |
| Upstash | Caching and rate limiting | Temporary usage counters |
| Vercel | Hosting infrastructure | Request metadata |
| OAuth authentication | Email, name (if using Google sign-in) |
We do not sell your personal data to third parties. We may disclose your information if required by law or in response to valid legal requests from public authorities.
Some of our third-party service providers are located outside the United Kingdom. When we transfer your personal data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO), or transfers to countries with adequate data protection laws.
We retain your personal data for as long as necessary to:
When you delete your account, we will delete your personal data immediately, including your profile, API keys, and usage records. Some data may be retained in backups for a limited period as required by law or for legitimate business purposes.
Under UK GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, please contact us at support@apidirect.io. We will respond to your request within one month.
You can delete your account and all associated data at any time through your dashboard settings.
We implement appropriate technical and organisational measures to protect your personal data, including:
While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
We use only essential cookies necessary for the operation of our Service, such as authentication session cookies. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on our website prior to the changes becoming effective. We encourage you to review this policy periodically.
If you have concerns about how we handle your personal data, please contact us first at support@apidirect.io. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: support@apidirect.io