Your privacy matters to us. This policy explains what personal information we collect, why we collect it, how we use it, and your rights in relation to it. We do not sell your personal data to third parties.
1. Who We Are
ApiHost ("we", "us", "our") operates the ApiHost platform at apihost.co, including the onboarding portal, client dashboard, and related services. We are the data controller in respect of personal information collected through our platform.
For privacy-related enquiries, please contact us through your client dashboard or via our Discord community.
2. Information We Collect
2.1 Information you provide directly
- Account information: name, email address, company name, role or title, and password (stored in hashed form) when you register.
- Project specification: the details, descriptions, files, and supporting documents you upload as part of your onboarding submission.
- Communications: messages and correspondence exchanged through your client dashboard or by email.
- Billing information: payment method details are collected and stored by Stripe, our payment processor. ApiHost does not store your full card details.
2.2 Information we collect automatically
- Usage data: pages visited, features accessed, time and duration of sessions, and interactions with the ApiHost platform.
- Technical data: IP address, browser type and version, device type, operating system, and referring URLs.
- Analytics: we use Google Analytics (GA4) to understand how visitors use our website. This data is aggregated and anonymised where possible.
3. How We Use Your Information
- To deliver, manage, and support the ApiHost service under your Service Agreement.
- To process billing and manage your subscription via Stripe.
- To communicate with you about your project, support requests, and service updates.
- To improve our platform, onboarding process, and service quality.
- To comply with legal obligations and enforce our Terms of Service.
- To send transactional emails relating to your account and project — we do not send unsolicited marketing emails.
4. How We Share Your Information
We do not sell, rent, or trade your personal information. We may share limited data with trusted third parties only where necessary to deliver our service:
- Stripe — payment processing and subscription management.
- AWS — cloud hosting and file storage (S3) infrastructure.
- SendGrid / AWS SES — transactional email delivery.
- Google Analytics — website usage analytics (anonymised).
- Cloudflare — CDN, DDoS protection, and DNS services.
- Sentry — error monitoring and application performance tracking.
All third-party processors are bound by data processing agreements and are required to handle your information securely and in accordance with applicable privacy laws.
We may disclose your information if required to do so by law, court order, or regulatory authority, or to protect the rights, property, or safety of ApiHost, our clients, or others.
5. Data Security
We take the security of your data seriously. Measures we have in place include:
- HTTPS encryption across all platform communications.
- Passwords stored using bcrypt hashing — we never store plain-text passwords.
- JWT-based authentication with short-lived access tokens and secure refresh token rotation.
- Databases encrypted at rest and in transit.
- Access to production systems restricted to authorised ApiHost personnel only.
- Client API containers and databases are fully isolated — no shared infrastructure between clients.
No system is entirely immune to risk. While we implement industry-standard protections, we cannot guarantee absolute security. We recommend using a strong, unique password for your ApiHost account.
6. Data Retention
We retain your personal information for as long as your account is active or as required to fulfil your Service Agreement. After account closure or contract expiry, we retain data for a period of 90 days to enable dispute resolution and handoff processing, after which it is securely deleted unless legal obligations require longer retention.
Project files and database exports may be retained for a shorter period and are subject to the terms specified in your Service Agreement.
7. Your Rights
Depending on your location, you may have the following rights in relation to your personal information:
- Access: request a copy of the personal data we hold about you.
- Correction: request correction of any inaccurate or incomplete data.
- Deletion: request deletion of your personal data, subject to our legal obligations and contractual requirements.
- Portability: request your data in a machine-readable format.
- Objection: object to certain types of processing, including direct marketing.
To exercise any of these rights, please contact us through your dashboard or our Discord community. We will respond within a reasonable timeframe.
8. Children's Privacy
ApiHost is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us and we will take appropriate steps to remove it.
9. Cookie Policy
This section explains how ApiHost uses cookies and similar tracking technologies on our website and platform.
What are cookies?
Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work efficiently and to provide information to site owners.
Cookies we use
- Essential cookies: required for the platform to function. These include secure, httpOnly session cookies used to maintain your authenticated session. These cannot be disabled without affecting platform functionality.
- Analytics cookies (Google Analytics): we use GA4 to collect anonymised data about how visitors interact with our website. This helps us improve our content and user experience. You may opt out via your browser settings or using a GA opt-out extension.
- Stripe cookies: Stripe sets cookies as part of fraud prevention and payment processing. These are governed by Stripe's own privacy policy.
Managing cookies
You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling essential cookies may prevent you from using certain features of the ApiHost platform. Instructions for managing cookies in common browsers are available on those browsers' respective help pages.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Where changes are material, we will notify you via your dashboard or by email before the changes take effect. The date at the top of this page indicates when the policy was last revised.