Privacy Policy

Last updated: January 1, 2025

At APIYatra (a product of Red Cube Solutions), we take your privacy seriously. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data when you use our website, desktop app, or npm package.

1. Information We Collect

1.1 Account Information

When you sign in via Google or GitHub OAuth, we collect:

  • Your name and email address
  • Your profile picture (avatar URL)
  • OAuth provider ID (used to identify your account)

We do not store your Google or GitHub passwords.

1.2 Usage Data

  • Workspaces, collections, folders, and API requests you create
  • Environment variables you define (stored encrypted)
  • Team members and invitations in your workspace
  • Credit balance and transaction history

1.3 Technical Data

  • IP address and browser/device information (for security)
  • Access logs and error reports

2. How We Use Your Information

  • To provide and maintain the APIYatra service
  • To authenticate your identity and secure your account
  • To sync your API collections across devices and team members
  • To process credit transactions and manage workspace limits
  • To send important service notifications (no marketing without consent)
  • To improve our platform based on usage patterns

3. Data Storage and Security

  • Your data is stored on secure servers with encryption at rest and in transit (HTTPS/TLS).
  • Passwords are hashed using bcrypt — we never store plaintext passwords.
  • Access tokens are short-lived; refresh tokens are hashed before storage.
  • We implement industry-standard security headers and Content Security Policy.

4. Data Sharing

We do not sell your personal data. We may share data only in these cases:

  • Team collaboration: Your name and email are visible to workspace members you invite or who invite you.
  • Service providers: We use trusted third-party services (hosting, database) that process data on our behalf under strict agreements.
  • Legal requirements: We may disclose data if required by law or to protect our rights.

5. Cookies and Local Storage

  • We use localStorage in the browser to store your authentication tokens and user preferences.
  • We do not use third-party tracking cookies or advertising cookies.
  • The desktop app stores data locally in SQLite on your device.

6. Third-Party OAuth Providers

When you sign in with Google or GitHub:

  • We only request the minimum necessary permissions (email, profile).
  • We do not access your Google Drive, GitHub repositories, or any other data beyond your basic profile.
  • Your use of these providers is also governed by their respective privacy policies.

7. Data Retention

  • Your account data is retained as long as your account is active.
  • Deleted collections and workspaces are soft-deleted and permanently removed after 30 days.
  • You may request complete account deletion by contacting us.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your collections and data
  • Withdraw consent at any time

To exercise these rights, contact us at support@apiyatra.com.

9. Children's Privacy

APIYatra is not intended for users under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or an in-app notice. Continued use of APIYatra after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy, please reach out:

Red Cube Solutions
Product: APIYatra
Email: support@apiyatra.com
Website: apiyatra.com
Terms and Conditions·← Back to Home