Privacy Policy
Effective June 26, 2026
What data API Stash collects, why, and the choices you have.
1. Overview
This Privacy Policy explains what data API Stash collects, why, and what choices you have. We aim to collect only what we need to run the Service.
2. Data we collect
- Account data: your email address, name (optional), and authentication details. Passwords are stored only as salted hashes; we never store them in plain text.
- Workspace content: the requests, flows, environments, webhooks, and related data you create. Secret values and credentials are encrypted at rest.
- Usage and diagnostic data: logs needed to operate and secure the Service, such as request metadata and error traces.
- Billing data: if you subscribe, our payment processor (Stripe) handles your card details. We store only a customer reference and subscription status — never full card numbers.
3. How we use data
- To provide, maintain, and secure the Service.
- To communicate with you about your account, including transactional email (such as invites and password resets).
- To process payments and manage subscriptions.
- To detect, prevent, and address abuse, fraud, or technical issues.
We do not sell your personal data.
4. Subprocessors
We rely on a small set of infrastructure providers to run the Service, including Cloudflare (hosting, storage, and database), Stripe (payments), and Resend (transactional email). These providers process data on our behalf under their own security and privacy commitments.
5. Data retention and deletion
We keep your data for as long as your account is active. You can export your workspace data at any time from workspace settings, and you can delete your account from your account settings. When you delete your account, we remove your personal data and the workspaces you solely own; shared workspaces are transferred to a remaining member so collaborators do not lose their work.
6. Security
We use encryption in transit and at rest for sensitive values, scoped access controls, and standard operational safeguards. No system is perfectly secure, but we work to protect your data and to respond promptly to issues. Report security concerns to security@tryapistash.com.
7. Your rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal data. The export and deletion tools in the app cover most of these directly; for anything else, contact us.
8. International transfers
Our infrastructure is operated on a global network. By using the Service, you understand that your data may be processed in countries other than your own, with appropriate safeguards in place.
9. Children
The Service is not directed to children under 13, and we do not knowingly collect their data.
10. Changes
We may update this policy; material changes will be posted here with an updated effective date.
11. Contact
Questions about privacy or a data request? Email hello@tryapistash.com.