Privacy Policy

What Data Is Collected

When you visit this site, standard request metadata may be logged for security, abuse prevention, and rate limiting purposes. This may include information such as your IP address, request details, browser and device information, referrer URL, bot-detection signals, and request timestamps.

No names, email addresses, or account information are collected. This site does not intentionally use cookies for analytics, advertising, or user tracking. This site does not intentionally use third-party advertising or behavioral tracking scripts.

Referrer URLs are logged as transmitted by the browser and may occasionally contain query parameters from third-party sites.

Why It Is Collected

This data is collected solely for the following operational purposes:

• Rate limiting: To prevent abuse and ensure fair access to the service by enforcing per-IP and per-client request limits.
• Security: To detect and block malicious traffic, bots, and denial-of-service attempts.
• Audit logging: To investigate anomalies and tune rate limit policies after the fact.

The lawful basis for this processing is Legitimate Interest under GDPR Article 6(1)(f). Protecting the availability and integrity of the service is a legitimate interest that outweighs the minimal privacy impact of logging standard request metadata.

How Long Data Is Retained

Request logs are retained for a maximum of 1 year, after which they are automatically deleted. No backups of this data are kept beyond that period.

A one-year retention period is maintained because this site operates publicly exposed APIs and rate limiting infrastructure. Longer retention supports investigation of repeated abuse patterns, multi-month traffic anomalies, and tuning of rate-limit policies over time.

Data Sharing and International Transfers

This data is not sold or used for advertising purposes. However, as part of normal infrastructure operations, data may be processed by third-party infrastructure providers for hosting, networking, DDoS protection, and security purposes. These providers primarily act as data processors or service providers and are contractually bound to process data only for those purposes.

Data may be processed in countries outside your jurisdiction depending on the hosting infrastructure used. Infrastructure providers are selected based in part on their use of Standard Contractual Clauses (SCCs) or equivalent safeguards for international data transfers.

Your Rights

If you are located in the European Economic Area, you have rights under the General Data Protection Regulation (GDPR), including the right to access your data, request deletion, and object to processing based on legitimate interest.

Practical limitations: Request logs are stored by IP address only. There are no user accounts or names linked to this data. If you submit a deletion request, you must include the IP address you were using. Because IP addresses are dynamic and shared, we cannot guarantee that all records belong exclusively to you, and deletion is performed on a best-effort basis.

This processing is necessary to protect the service from abuse and maintain availability, and the site cannot reasonably operate without this limited logging.

You may also lodge a complaint with your local data protection authority if you believe your data is being processed unlawfully.

For more information about GDPR rights, see the official overview at gdpr.eu.

To exercise any rights, contact: [email protected]

Changes to This Policy

If this policy changes materially, the "Last updated" date at the top of this page will be revised. Because this site processes data under Legitimate Interest rather than consent, your continued use of the site is not treated as legal acceptance — the updated policy simply reflects current practice.