Privacy Policy
Last updated: April 2, 2026
1. Introduction
This Privacy Policy describes how ChronoShield API ("we", "us", or "our") collects, uses, and protects your personal information when you use our API, website, documentation, and related services (collectively, the "Service").
We are committed to protecting your privacy and handling your data responsibly. We collect only the minimum information necessary to provide and improve the Service.
2. Information We Collect
Account Information
- Email address — collected when you register for an API Key, used for account identification and service communications
- API Key — generated upon registration, used for authentication and rate limiting
Usage Data
- API request counts — aggregate counts per key for rate limiting (e.g., 847 of 1,000 requests used this month)
- Endpoint usage — which endpoints are called (validate, resolve, convert, batch) for service analytics
- Timestamps — when requests are made, for rate limit reset windows
Technical Data
- IP addresses — collected via standard web server logs for security and abuse prevention
- Browser and device information — user agent strings when visiting the website (standard HTTP headers)
- Response times — API latency metrics for performance monitoring
Payment Information (Pro Tier)
Payment for Pro tier subscriptions is processed by our third-party payment provider. We receive confirmation of payment status but do not store credit card numbers, bank account details, or other sensitive payment information on our servers.
3. Information We Do NOT Collect
We want to be explicit about what we don't do:
- ✓ API request payloads are not stored. The datetime values, timezone identifiers, and other content you send to the API are processed in memory and discarded after the response is returned. We do not log, store, or retain your input data.
- ✓ We do not sell your data. Your personal information is never sold, rented, or shared with third parties for marketing or advertising purposes.
- ✓ We do not build user profiles. We do not track your behavior across websites or build advertising profiles based on your API usage.
4. How We Use Your Information
We use the information we collect to:
- Provide the Service — authenticate requests, enforce rate limits, and deliver API responses
- Maintain reliability — monitor uptime, detect errors, and diagnose performance issues
- Prevent abuse — identify and block malicious traffic, DDoS attempts, and Terms of Service violations
- Communicate with you — send service-critical notifications such as downtime alerts, security advisories, and breaking API changes (we do not send marketing emails)
- Improve the Service — analyze aggregate, anonymized usage patterns to guide feature development and infrastructure decisions
5. Data Storage & Security
We take the security of your data seriously:
- Infrastructure: Our Service is hosted on Railway, a cloud platform with enterprise-grade security controls. Data is stored in PostgreSQL databases with encrypted connections.
- Encryption in transit: All communication with the API and website is encrypted via HTTPS/TLS. Unencrypted HTTP requests are rejected.
- API Key security: API Keys are stored using industry-standard practices. We recommend you treat your API Key as a secret and never expose it in client-side code.
- Access controls: Access to production systems and data is limited to authorized personnel and protected by multi-factor authentication.
While we implement commercially reasonable security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data (email, API Key) | While account is active + 30 days after deletion request |
| Usage logs (request counts, timestamps) | 90 days |
| Server logs (IP, user agent) | 30 days |
| API request payloads | Not retained (processed transiently) |
When you request account deletion, we will remove your personal data within 30 days, except where we are legally required to retain it. Anonymized, aggregate data may be retained indefinitely for analytics purposes.
7. Third-Party Services
We use the following third-party services to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Railway | Cloud hosting & infrastructure | Application data, server logs |
| PostgreSQL (via Railway) | Database storage | Account data, usage metrics |
| Redis (via Railway) | Caching & rate limiting | Temporary session data |
| GitHub | Source code hosting, CI/CD | No user data |
| Payment processor | Pro tier billing | Email, payment details |
Each third-party provider operates under its own privacy policy. We select providers with strong security and privacy practices.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate or incomplete data
- Deletion — request deletion of your personal data and account
- Export — receive your data in a portable, machine-readable format
- Objection — object to certain types of data processing
- Restriction — request that we limit processing of your data in certain circumstances
To exercise any of these rights, contact us at support@chronoshieldapi.com. We will respond to your request within 30 days.
GDPR & CCPA: We process personal data lawfully under GDPR Article 6(1)(b) (contractual necessity) for account management and API key provisioning. The only personal data we store is your email address and a hashed API key. Datetime values submitted to the API are processed transiently and never stored. For enterprise customers requiring a Data Processing Agreement (DPA), please contact support@chronoshieldapi.com.
10. Children's Privacy
The Service is not directed at children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will take steps to delete it.
11. International Data Transfers
Your data may be processed and stored in the United States, where our primary infrastructure is hosted. If you are accessing the Service from outside the United States, please be aware that your data may be transferred to, stored in, and processed in a jurisdiction with different data protection laws than your own. By using the Service, you consent to such transfers.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The most current version will always be available at this URL with a revised "Last updated" date.
If we make material changes that affect how we handle your personal data, we will notify you by email at least 14 days before the changes take effect. Your continued use of the Service after the updated policy takes effect constitutes your acceptance of the changes.
13. Contact
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at support@chronoshieldapi.com.