Privacy Notice for Individuals

Last updated: July 2026

This notice is for people whose information may appear in the data our service provides. It is not for our customers. If you have an account with us, our Privacy Policy applies to you instead.

If you want us to stop including you in results, you do not need to read this page first. Go straight to our opt-out form.

1. Who we are

API Direct ("we", "us", or "our") operates apidirect.io from the United Kingdom and is the data controller for the processing described in this notice. You can reach us at support@apidirect.io, which is the fastest way to get a response. If you need our full registered details or a postal address, ask us by email and we will provide them.

2. What we do

We operate a technical service that lets our business customers retrieve publicly available content through an API. When a customer makes a request, we return the content that matches it.

We are not a database of people. We do not keep a copy of the content we return, and we do not build, enrich, or sell profiles of individuals.

3. Where the information comes from

The information we handle comes from public social platforms and the public web. It is content that has been published publicly, such as public posts, public profile information, and public business listings.

Our service is not intended to provide private or restricted content, such as private messages, private accounts, or material shared only with an approved audience. We require the sources we rely on to provide only publicly published content, and our Terms of Service prohibit customers from using our service to obtain anything else.

4. What personal data may be involved

Where public content relates to an identifiable person, the information passing through our service can include:

  • A name or public username
  • A public profile link and public profile picture
  • Publicly stated information such as a job title, employer, or location as shown on a public profile
  • Public posts or comments you have published, and public engagement counts on them

Our service is not intended for identifying or targeting individuals on the basis of special categories of personal data (such as health, political opinions, religious beliefs, sexual orientation, or biometric data). Our Terms of Service prohibit customers from using our service to harass, abuse, or harm anyone, or to break the law.

5. What we store

Very little. We do not keep a copy of the public content we return to customers. When a customer makes a request, the content is returned to them and we do not retain it.

There are three limited exceptions:

  • A cache of technical identifier mappings, which lets us avoid repeating the same lookup. These entries expire automatically 30 days after they are created.
  • Diagnostic records of failed requests. When a customer's request fails, we keep a truncated copy of what they asked for so we can investigate the fault. Where a customer's request named a public profile, that record can therefore include a profile address. It is used only to fix errors.
  • Records of requests made under this notice. If you contact us to opt out or to ask what we hold, we keep your request, any email address you give us, and what you sent, so that we can act on it, evidence that we did, and keep your opt-out working. This is described in section 8.

To find out whether we hold any record about you, use our data request form.

6. Why we are allowed to do this (legal basis)

We rely on legitimate interests (Article 6(1)(f) UK GDPR). Our legitimate interest, and that of our customers, is providing and using a technical service that makes publicly available information accessible in a structured form for business research purposes.

We have carried out a balancing exercise, weighing that interest against your rights and freedoms. In doing so we take into account that the information is already public, that we do not build profiles, that we store almost nothing, and that you can object at any time and we will act on it.

If you disagree with that assessment, you have the right to object, and we will honour your objection. See section 7.

7. Your rights

Under UK GDPR you have the right to:

  • Object - Tell us to stop including you. Use the opt-out form.
  • Access - Ask what we hold about you. Use the data request form.
  • Erasure - Ask us to delete what we hold about you. The opt-out form covers this.
  • Rectification - Ask us to correct inaccurate personal data.
  • Restriction - Ask us to limit how we handle your personal data.
  • Complain - Raise a complaint with a data protection regulator. See section 10.

We will respond within one month. There is no charge. We may ask you for information to confirm that the request genuinely relates to you, so that we do not act on a request made about you by somebody else.

8. What an opt-out can and cannot do

What we will do:

  • Add you to a suppression list so that we filter you out of future results we return
  • Delete any cached internal record that matches you

What we cannot do:

  • Retrieve data we already provided. If a customer received information before you opted out, it is in their systems and we cannot claw it back. You would need to contact them directly.
  • Remove you from the original platform. We do not control the public sources. If you want the content taken down at source, or made private, you need to do that on the platform where you posted it. That is also the most effective step you can take, because it removes the content from anyone collecting public data, not just from us.

To keep your suppression working, we keep the minimum information needed to recognise you and continue filtering you out. We use it for nothing else.

9. Sharing and international transfers

Results are returned to the customer who requested them. We also use a small number of infrastructure providers to run the service, listed on our sub-processors page.

Some of those providers are located outside the United Kingdom. Where personal data is transferred internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or Addendum, or transfers to countries with UK adequacy status.

10. Complaints

Please contact us first at support@apidirect.io so we can put things right. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk, or to the data protection authority in your country of residence.

11. Contact

Email: support@apidirect.io