Privacy Policy

Last updated: June 1, 2024

This policy describes how ApiMirror ("we", "us") collects, uses, and protects your data when you use our website and services.

Data We Collect

We collect the minimum data necessary to operate the service:

• Account information: Email address, name, and hashed password when you create an account.
• API endpoint data: URLs, check configurations, and assertion rules you configure for monitoring.
• Check results: HTTP status codes, response times, headers, and (optionally) response bodies from your monitored endpoints.
• Usage data: Basic analytics such as page views, feature usage, and session duration. We use a privacy-focused analytics tool that does not use cookies.
• Payment information: Processed and stored by our payment provider (Stripe). We do not store credit card numbers.

How We Use Your Data

• To operate and improve the monitoring, testing, and documentation services.
• To send alerts and notifications you've configured.
• To communicate about service updates, security notices, and account-related matters.
• To diagnose technical issues and prevent abuse.

Data Retention

Check results are retained according to your plan's history limits (7 days, 90 days, or 1 year). When you delete an endpoint, its check history is purged within 48 hours. Account data is deleted within 30 days of account closure.

Data Sharing

We do not sell your data. We share data only with:

• Infrastructure providers necessary to operate the service (hosting, CDN, email delivery).
• Stripe for payment processing.
• Law enforcement when legally required.

Security

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). API keys are stored as salted hashes. We conduct regular security reviews and maintain an internal vulnerability management process.

Cookies

We use a single session cookie for authentication. We do not use tracking cookies or third-party advertising cookies.

Your Rights

You can export your data, correct inaccuracies, or request deletion at any time through the dashboard settings. For GDPR-specific requests, contact us through the in-app support channel.

Changes

We may update this policy from time to time. Significant changes will be communicated via email and a banner in the dashboard. Continued use of the service after changes constitutes acceptance.