Skip to main content

Privacy Policy

Last updated: April 2026

1. Introduction

APIDelta ("we", "us", or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our API changelog monitoring platform ("the Service").

We comply with applicable data protection regulations, including the General Data Protection Regulation (GDPR) for users in the European Economic Area.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials (or OAuth tokens if you sign in with GitHub). This is necessary to provide and secure the Service.

Team and Configuration Data

We store your team workspace settings, monitored API URLs, alert configurations, and notification preferences. This data is required for the Service to function.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, and timestamps. We use this to improve the product and diagnose issues.

Payment Information

Payment processing is handled by Stripe. We do not store your credit card number, CVV, or full payment details on our servers. Stripe may collect and process your payment information in accordance with their Privacy Policy.

Changelog Content

We crawl and store publicly available changelog content from the third-party API URLs you configure. This content is publicly available and is not personal data.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process changelog data and deliver AI-classified alerts to your configured channels
  • Process payments and manage your subscription
  • Send you transactional emails (account verification, billing receipts, alert notifications)
  • Communicate product updates and important service changes
  • Monitor and analyze usage trends to improve the user experience
  • Detect, prevent, and address security issues

4. Third-Party Services

We use the following third-party services that may process your data:

  • Stripe — payment processing
  • Vercel — web application hosting and analytics
  • Anthropic (Claude API) — AI classification of changelog entries (only publicly available changelog text is sent; no personal data)
  • Slack — alert delivery (only when you configure a Slack integration)

Each third-party service operates under its own privacy policy. We encourage you to review their policies.

5. Data Retention

We retain your account and configuration data for as long as your account is active. Changelog data and change history are retained according to your plan (7 days for Starter, 90 days for Pro).

When you delete your account, we remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records).

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Team-scoped data isolation (multi-tenant architecture with strict access controls)
  • Regular security reviews and dependency monitoring

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your personal data
  • Portability — request your data in a machine-readable format
  • Restriction — request that we limit processing of your data
  • Objection — object to processing of your data for certain purposes

To exercise any of these rights, contact us at privacy@apidelta.dev. We will respond within 30 days.

8. Cookies and Tracking

We use essential cookies required for authentication and session management. We do not use third-party advertising cookies. Analytics data is collected in aggregate form to improve the Service.

9. International Data Transfers

Our Service is hosted in the United States. If you access the Service from outside the US, your data may be transferred to and processed in the US. We ensure appropriate safeguards are in place for international transfers in compliance with GDPR and other applicable regulations.

10. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top reflects the most recent revision.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

privacy@apidelta.dev