Privacy Policy

Last updated: May 17, 2026

⚠️ This document is a preliminary draft currently under legal review. It does not constitute legal advice and is not legally binding.

1. Who We Are

RateFlow ("we", "our", or "us") operates a SaaS platform providing API endpoints for foreign currency exchange rate data. This Privacy Policy explains how we collect, use, and protect information about you when you use our Service.

If you have any questions about this Privacy Policy, you may contact us using the details at the foot of this page.

2. What Data We Collect

We collect the following categories of data:

  • Account information: Your name and email address when you register for an account.
  • Billing information: Payment processing is handled by Stripe. We do not store your full payment card details. We store Stripe customer identifiers for subscription management.
  • API usage data: Logs of API requests, including timestamps, endpoint called, and response status. Used for rate limiting and abuse prevention.
  • Technical data: IP addresses, browser type, and device information collected through server logs. Used for security monitoring and service improvement.

3. How We Use Your Data

We use the data we collect to:

  • Create and manage your account and API keys.
  • Process payments and manage your subscription.
  • Enforce request quotas and rate limits.
  • Detect and prevent abusive activity.
  • Improve the quality and performance of the Service.
  • Send you transactional emails (e.g., account verification, password reset).

4. Third-Party Processors

We do not sell your personal data. We work with the following third-party processors:

  • Stripe: Payment processing and subscription management. Stripe processes your payment information directly.
  • Email provider: For sending transactional emails such as account verification and password reset.

5. Data Security

We implement reasonable technical measures to protect your data, including:

  • HTTPS encryption for all data in transit.
  • API keys stored as SHA-256 hashes — plaintext keys are not retained.
  • Passwords hashed using industry-standard algorithms.

6. Your Rights

If you have questions about your personal data or wish to make a request regarding access, correction, deletion, or any other data-related rights, please contact us using the details at the foot of this page. We will review each request individually and handle it in accordance with applicable law.

7. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will notify registered users and update the effective date shown at the top of this page.

For privacy-related questions, contact us at privacy@rateflowapi.com.