ESC

Privacy Policy

Last updated: 1 April 2026

Summary

Toolkit API is designed to be privacy-first. Our APIs are stateless — we do not store your request data, we do not use cookies, and we do not track users across sessions. This policy explains what minimal data we do collect and why.

1. Data We Do Not Collect

  • Request/response payloads — API endpoints are stateless. We do not log, store, or retain the content of your requests or responses.
  • Cookies — Our websites and APIs set no cookies.
  • User tracking — We do not use fingerprinting, session replay, or cross-site tracking scripts.
  • File uploads — Any files sent to processing endpoints (e.g. PDF, Image) are processed in memory and discarded immediately after the response is returned.

2. Data We Do Collect

  • Basic analytics — Our marketing websites use Google Analytics with IP anonymisation enabled. This collects page views, referrer data, and device type. No personally identifiable information (PII) is collected.
  • Server logs — Standard web server access logs (IP address, timestamp, HTTP method, path, status code, user agent) are retained for up to 30 days for security monitoring and debugging.
  • API usage metrics — Aggregate request counts per API key are tracked for rate limiting and billing purposes. These metrics are shared with RapidAPI as part of the billing process.

3. Third-Party Services

We use the following third-party services:

  • RapidAPI — Handles API subscription management, billing, and payment processing. Subject to RapidAPI's Privacy Policy.
  • Google Analytics — Anonymised website analytics on marketing sites only, not on API endpoints.
  • MaxMind GeoLite2 — The Geo and DNS toolkits use GeoLite2 databases for IP geolocation. No data is sent to MaxMind; lookups are performed locally.

4. Data Retention

  • Server access logs: up to 30 days.
  • Aggregate API usage metrics: retained for the duration of your subscription.
  • API request/response content: not retained (processed and discarded immediately).

5. Security

All communication with Toolkit API services is encrypted via TLS. API authentication is handled through API keys transmitted via the X-API-Key header or through RapidAPI's proxy authentication. We follow industry-standard security practices for infrastructure management.

6. Your Rights

Because we collect minimal data, there is very little to request, modify, or delete. If you have concerns about data associated with your API usage, please contact us and we will respond promptly.

7. Children

Our Services are not directed at individuals under 16. We do not knowingly collect data from children.

8. Changes

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date.

9. Contact

For privacy-related questions, email [email protected].