Privacy Policy

Last updated: February 14, 2026

1. Introduction

APOGEOAPI ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our geographic data API service and website.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Username
  • Password (stored as a bcrypt hash, never in plaintext)
  • Country code (to determine payment provider)

Payment Information

Payment processing is handled by Stripe and MercadoPago. We do not store credit card numbers, CVVs, or full payment details. We store only provider customer IDs and subscription IDs for managing your billing.

API Usage Data

We collect usage data for each API request including:

  • API endpoint accessed
  • Timestamp
  • Response time
  • IP address (for rate limiting and security)
  • HTTP status code

This data is used to enforce quotas, provide usage analytics in your dashboard, and improve our service. Usage events older than 90 days are automatically deleted.

3. How We Use Your Information

  • To provide and maintain the API service
  • To manage your account and subscription
  • To send transactional emails (billing, quota alerts, security notifications)
  • To enforce rate limits and prevent abuse
  • To generate aggregated, anonymous usage statistics

4. Data Retention

  • Account data: retained while your account is active, deleted upon account deletion request
  • API usage events: retained for 90 days, then automatically purged
  • Usage aggregates: retained for the duration specified by your plan (7-365 days)
  • Invoices: retained for 7 years for tax and legal compliance

5. Data Sharing

We do not sell your personal data. We share data only with:

  • Payment processors (Stripe, MercadoPago) to process payments
  • Email service providers to send transactional emails
  • Law enforcement when required by law

6. Security

We implement industry-standard security measures including: HTTPS/TLS encryption, bcrypt password hashing, JWT token-based authentication with short-lived tokens, Redis-based token blacklisting, rate limiting, and regular security audits.

7. Your Rights

You have the right to:

  • Access your personal data via your dashboard
  • Export your usage data
  • Delete your account and all associated data
  • Update your personal information

To exercise these rights, use the account settings in your dashboard or contact us at privacy@apogeoapi.com.

8. Cookies

See our Cookie Policy for details on how we use cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via email or a prominent notice on our website.

10. Contact Us

If you have questions about this Privacy Policy, contact us at privacy@apogeoapi.com.