Privacy Policy

Effective date: March 30, 2026

1. Introduction

Content API ("we", "our", "us") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights. By using the Service, you agree to the practices described here.

2. Information We Collect

We collect the following categories of information:

  • Account informationname, email address, and password (stored as a one-way hash) when you register.
  • OAuth profile dataif you sign in with Google, we receive your name, email address, and profile picture from Google. We store only the email and name.
  • Usage dataAPI request counts, storage consumption, and project activity for billing and quota purposes.
  • Content you createcontent types, entries, and uploaded media files that you store through the Service.
  • Technical dataIP address, browser type, and access logs retained for security and debugging purposes.

3. How We Use Your Information

  • To create and manage your account.
  • To operate and deliver the Service, including your content via the delivery API.
  • To process billing, generate invoices, and enforce usage limits.
  • To send transactional emails (account confirmation, billing notices, security alerts).
  • To detect and prevent abuse, fraud, and security incidents.
  • To improve the Service through aggregated, anonymized analytics.

4. Google OAuth Data Use

When you authenticate via Google, we use the information received from Google exclusively to create and identify your account. We do not share your Google profile data with third parties and do not use it for advertising. Our use of data received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

5. Data Sharing

We do not sell your personal data. We share your data only in the following circumstances:

  • With service providers who assist us in operating the Service (hosting, email delivery), bound by confidentiality obligations.
  • When required by law, regulation, or valid legal process.
  • To protect the rights, property, or safety of Content API, our users, or the public.

6. Cookies and Sessions

We use an HttpOnly, Secure cookie to store your session refresh token. This cookie is strictly necessary for authentication and cannot be used for cross-site tracking. We do not use advertising cookies or third-party analytics cookies.

7. Data Retention

Account data is retained as long as your account is active. Upon account deletion, your personal data and content are deleted within 30 days, except where retention is required by law. Server access logs are retained for up to 90 days.

8. Security

We use industry-standard security measures including TLS encryption in transit, hashed password storage, and signed JWTs. While we take reasonable precautions, no system is completely secure, and we cannot guarantee absolute security.

9. Your Rights

You may access, correct, or delete your personal data at any time through your account settings or by contacting us. You may also request a copy of the data we hold about you. To exercise any of these rights, email us at admin@content-api.com.

10. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If we learn that we have inadvertently collected such data, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or a notice within the Service. Your continued use of the Service after the effective date of changes constitutes acceptance.

12. Contact

For privacy-related questions or requests, contact us at admin@content-api.com.