Legal

Privacy Policy

How we collect, use, and protect your information.

1. Who We Are

RestAPI.com is operated by Softeria. This Privacy Policy explains what personal information we collect, how we use it, and the rights you have over that information when you use the developer portal, the APIs you build, and any related services (collectively “the Service”).

2. Information We Collect

We collect the following categories of information:

  • Account information — name, email, and any profile data you provide or that we receive from your identity provider (Microsoft, Google, Vipps, etc.).
  • Tenant and API metadata — names, regions, configuration, schemas, and the audit trail of changes you make.
  • Usage data — request counts, latency, error rates, and storage volumes used to enforce limits and operate the Service.
  • Billing information — handled by Stripe; we store a customer reference and invoice metadata, never your card number.
  • Diagnostic logs — error stacks, IP addresses, and timestamps necessary to debug and secure the platform.

3. How We Use Information

  • To provide, operate, and improve the Service
  • To authenticate you and prevent abuse
  • To enforce subscription limits and bill paid plans
  • To send transactional notices (security alerts, billing receipts, incident updates)
  • To respond to support requests
  • To meet legal obligations

4. Your Customer Data

Data your end users store through APIs you build on the Service is treated as your data. You are the data controller; we are the data processor. We do not access, sell, or use your customer data for any purpose other than to operate the Service for you. Our staff only access it when you ask us to investigate a problem, or when required by law.

5. Sharing and Disclosure

We share information only with:

  • Subprocessors we use to run the platform — cloud hosting, email delivery, payment processing — under data processing agreements
  • Authorities when compelled by valid legal process
  • A buyer or successor in the event of a merger, acquisition, or asset sale, subject to this Privacy Policy

6. Data Retention

Account and tenant data is retained while your account is active. On deletion, data is removed from production systems within 30 days and from backups within 90 days. Diagnostic logs are retained for up to 12 months. Billing records are retained as required by tax law.

7. Security

We use industry-standard measures to protect your information, including encryption in transit (TLS), encryption at rest, role-based access controls, and regular security reviews. No system is perfectly secure — please use a strong, unique password and enable any extra security features available to you.

8. International Transfers

Your data is stored in the regions you select for each API. Some operational and support data may be processed in other regions where our staff or subprocessors operate, under appropriate transfer safeguards.

9. Your Rights

Depending on your jurisdiction (EU/UK GDPR, California CCPA, etc.) you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Delete your account and associated data
  • Export your data
  • Object to or restrict certain processing
  • Lodge a complaint with a supervisory authority

10. Cookies

The developer portal uses strictly necessary cookies to keep you signed in and to remember your preferences (theme, view mode). We do not use third-party advertising cookies.

11. Changes

We may update this Privacy Policy from time to time. Material changes will be announced via the developer portal or by email. The “Last updated” date above reflects the most recent revision.

12. Contact

You can exercise most of your rights from the developer portal or by emailing hi@softeria.com. Questions about this Privacy Policy can be directed to the same address.