Privacy Policy

1. Introduction

APIAtlas Corporation ("we," "us," "our," or "Company") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains our information practices, what information we collect, how we use it, and the choices you have regarding your data.

This policy applies to all services provided by APIAtlas, including our website, application, and related services (collectively, "Service"). By accessing or using APIAtlas, you acknowledge that you have read, understood, and agree to be bound by all terms in this Privacy Policy.

2. Information We Collect

Account Information: When you create an account, we collect your name, email address, company name, phone number, and account credentials. We also collect billing information to process payments and manage your subscription.

Network Traffic Data: When you deploy APIAtlas, we passively observe network traffic to discover and classify APIs. This includes API endpoint identifiers, request/response patterns, and timing information. We hash sensitive payload data and do not store raw request bodies by default.

Configuration Data: We collect information about your network topology, deployment preferences, and discovery settings to optimize our service.

Usage Data: We collect data about how you use our service, including login times, features accessed, reports generated, and API queries performed. This helps us improve our product and understand customer needs.

Device Information: We collect information about devices you use to access APIAtlas, including IP address, browser type, operating system, and device identifiers. This information is used for security and performance optimization.

3. How We Use Your Information

Service Delivery: We use your information to provide, maintain, and improve APIAtlas, including discovering APIs, generating reports, and monitoring your infrastructure.

Communication: We use your email to send service updates, security alerts, billing information, and respond to your inquiries. You can manage communication preferences in your account settings.

Analytics & Improvement: We analyze aggregated usage patterns to improve our algorithms, detect trends, and optimize product performance. This analysis is performed on anonymized data.

Security & Compliance: We use your information to detect fraud, prevent abuse, enforce our Terms of Service, and comply with legal obligations.

Marketing: With your consent, we may send promotional materials about new features, webinars, or related services. You can opt out of marketing communications at any time.

4. Data Sharing & Third Parties

Shared Only with Your Consent: We do not sell your personal information. We only share information with third parties when you explicitly request it (e.g., exporting data to Swagger Editor) or when required by law.

Service Providers: We may share information with vendors who help us provide the Service, such as cloud hosting providers, payment processors, and email delivery services. These vendors are contractually obligated to use your information only to provide services to APIAtlas.

Legal Compliance: We may disclose information when required by law, court order, or government request. We will notify you of such requests unless prohibited by law.

Business Transfers: If APIAtlas is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

5. Data Security & Storage

Encryption: We use TLS 1.2+ encryption to protect data in transit. Sensitive information is encrypted at rest using AES-256 encryption.

Access Control: We implement strict access controls limiting employee access to customer data on a need-to-know basis. All employees sign confidentiality agreements.

Infrastructure: Our platform is hosted on secure, monitored cloud infrastructure with automatic backups and redundancy. We conduct regular security audits and penetration testing.

While we implement comprehensive security measures, no system is completely secure. We cannot guarantee absolute security, though we are committed to protecting your information against unauthorized access.

6. Your Privacy Rights

Access & Portability: You have the right to access your personal information and receive a copy in a portable format. You can download your account data or API inventory at any time through your dashboard.

Correction: You can correct inaccurate information by updating your account settings or contacting our support team.

Deletion: You can request deletion of your account and associated data. Upon deletion, your information will be removed within 30 days, except where retention is legally required.

Opt-Out: You can opt out of marketing communications by clicking the unsubscribe link in emails or adjusting your preferences in account settings.

GDPR & CCPA: If you are in the EU, you have additional rights under GDPR, including the right to restrict processing and object to processing. If you are in California, you have rights under CCPA. Contact us to exercise these rights.

7. Cookies & Tracking Technologies

Cookies: We use cookies to remember your preferences, maintain your session, and improve user experience. You can control cookies through your browser settings, though disabling cookies may affect functionality.

Web Beacons: We may use web beacons or similar technologies to understand how you interact with our site and measure the effectiveness of campaigns.

Analytics: We use third-party analytics tools to understand aggregate usage patterns. These services may collect information about your browsing behavior. You can review their privacy policies on their respective websites.

8. International Data Transfers

APIAtlas is based in the United States. If you access our service from outside the US, your information will be transferred to, stored in, and processed in the US. By using APIAtlas, you consent to this transfer. We implement appropriate safeguards including Standard Contractual Clauses for international transfers. We comply with GDPR requirements for EU data subjects.

9. Data Retention

We retain personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy. Account information is retained for the duration of your subscription plus 30 days after cancellation. Network traffic analysis data is retained according to your subscription tier and configuration. Backups are retained for 90 days for disaster recovery purposes. You can request deletion of your data at any time.

10. Children's Privacy

APIAtlas is not intended for children under 13 years of age. We do not knowingly collect information from children under 13. If we become aware that we have collected information from a child under 13, we will promptly delete such information and terminate the child's account. If you believe a child under 13 has provided information to us, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by updating the effective date and, for material changes, by sending an email notification. Your continued use of APIAtlas following notification of changes constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions about this Privacy Policy, your information, or our privacy practices, please contact us: