Privacy Policy

Your privacy is fundamental to how we build and operate AstroAPI

Last Updated: September 10, 2025

Table of Contents

Information We Collect
How We Use Information
Data Storage and Security
API Usage Data
Cookies and Tracking Technologies
Third-Party Services
Data Retention
Your Rights (GDPR/CCPA)
Children's Privacy
International Data Transfers
Changes to This Privacy Policy
Contact Information

Information We Collect

Account Information

When you register for an AstroAPI account, we collect your email address, organization name, and billing information. We use industry-standard encryption to protect all sensitive data.

API Usage Data

We automatically collect information about your API requests including endpoints accessed, request timestamps, response times, payload sizes, and error rates. This data helps us maintain service quality and detect potential issues.

Technical Information

We collect IP addresses, user agent strings, API keys, and request headers to ensure security, prevent abuse, and maintain service reliability. This information is stored securely and accessed only when necessary.

How We Use Information

Service Provision

We use your information to provide, maintain, and improve the AstroAPI service, process transactions, send service notifications, and provide customer support.

Security and Fraud Prevention

Your data helps us detect and prevent fraudulent activity, unauthorized access, and abuse of our services. We monitor usage patterns to identify and address potential security threats.

Analytics and Improvements

We analyze aggregated usage data to understand how our API is used, identify performance bottlenecks, and develop new features that meet our users' needs.

Communications

With your consent, we may send you product updates, technical notices, security alerts, and promotional materials. You can opt out of non-essential communications at any time.

Data Storage and Security

Infrastructure Security

All data is stored on secure servers with industry-standard encryption at rest and in transit. We use AWS infrastructure with SOC 2 compliance and implement regular security audits.

Access Controls

Access to user data is strictly limited to authorized personnel who need it to perform their jobs. We use multi-factor authentication and role-based access controls.

Data Encryption

All sensitive data including API keys and personal information is encrypted using AES-256 encryption. SSL/TLS protocols protect all data transmission.

Incident Response

We maintain comprehensive incident response procedures and will notify affected users within 72 hours of discovering any data breach that may impact their personal information.

API Usage Data

Request Logging

We log API requests for 90 days to help with debugging, support, and abuse prevention. Logs include timestamps, endpoints, response codes, and performance metrics.

Rate Limiting Data

We track request volumes to enforce rate limits and ensure fair usage across all users. This data is associated with your API key and account.

Performance Monitoring

We collect response times, error rates, and system performance metrics to maintain our ~300ms response time guarantee and 99.9% uptime SLA.

Cookies and Tracking Technologies

Essential Cookies

We use essential cookies for authentication, security, and maintaining your session. These cookies are necessary for the API dashboard and cannot be disabled.

Analytics Cookies

With your consent, we use analytics cookies to understand how you interact with our documentation and dashboard. This helps us improve user experience.

Third-Party Services

We use Google Analytics and Stripe for analytics and payment processing respectively. These services may set their own cookies subject to their privacy policies.

Third-Party Services

Payment Processing

We use Stripe for payment processing. Your payment information is transmitted directly to Stripe and is not stored on our servers. Stripe's privacy policy governs their data handling.

Infrastructure Providers

We use Amazon Web Services (AWS) for hosting and Cloudflare for CDN and DDoS protection. These providers process data according to our instructions and their respective privacy policies.

Communication Services

We use SendGrid for transactional emails and Intercom for customer support. These services process only the minimum data necessary to provide their services.

Data Retention

Active Accounts

We retain your account information for as long as your account is active or as needed to provide services. API usage logs are retained for 90 days for operational purposes.

Deleted Accounts

When you delete your account, we immediately remove your personal information from our active databases. Some information may be retained in backups for up to 30 days.

Legal Requirements

We may retain certain information for longer periods when required by law, to resolve disputes, enforce agreements, or for legitimate business purposes.

Your Rights (GDPR/CCPA)

Access and Portability

You have the right to access your personal information and receive a copy of your data in a structured, machine-readable format.

Correction and Deletion

You can update your account information at any time through the dashboard. You may also request deletion of your personal data, subject to legal and contractual obligations.

Consent Withdrawal

Where we process data based on consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.

Objection and Restriction

You have the right to object to certain processing activities and request restriction of processing in specific circumstances as provided by applicable law.

Non-Discrimination (CCPA)

California residents have the right not to receive discriminatory treatment for exercising their privacy rights under CCPA.

Data Protection Authority

EU residents have the right to lodge a complaint with their local data protection authority if they believe their rights have been violated.

Children's Privacy

AstroAPI is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information from our servers immediately.

International Data Transfers

Data Location

Our servers are located in the United States and European Union. By using AstroAPI, you consent to the transfer of your information to these locations.

Legal Safeguards

We implement appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by the European Commission.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we will provide additional notice through email or the API dashboard. Your continued use of AstroAPI after changes become effective constitutes acceptance of the revised policy.

Contact Information

Data Protection Officer

For privacy-related inquiries or to exercise your rights, please use our contact form at /contact

General Inquiries

For general questions about AstroAPI, please visit api.astrology-api.io or use our contact form at /contact

Mailing Address

AstroAPI Privacy Team
Data Protection Office
Contact us at /contact

Questions About Our Privacy Practices?

We're committed to transparency and protecting your data. If you have any questions or concerns, please don't hesitate to reach out.
