Privacy Policy
Effective date: April 17, 2026. Last updated: April 17, 2026.
Who We Are and What This Covers
This Privacy Policy explains how ApiCourier LLC ("ApiCourier," "we," "us," or "our") collects, uses, and protects personal information across two related contexts:
- The website at apicourier.dev, including marketing pages, the Insider waitlist, the support form, and any documentation or blog content.
- The desktop application and CLI (the "app"), including license activation, update checks, optional telemetry, and optional online features (billing portal, Team infrastructure, hosted mock gateway, Enterprise identity integrations).
Throughout this Policy we refer to both together as the "Services" and call out which context applies.
Information We Collect
When you visit the website
- Request and network data — IP address, user agent, referring page, timestamps, and general geolocation at country/region level. Processed primarily by Cloudflare as our hosting and edge provider.
- Anti-abuse signals — when the support/portal form is enabled, Cloudflare Turnstile may collect behavioral signals and assign a verification token to distinguish humans from bots.
- Cookies and similar technologies — see "Cookies and Similar Technologies" below.
When you join the Insider waitlist or submit a form
- Email address (required for the Insider waitlist, processed by EmailOctopus on our behalf).
- Name and contact details you voluntarily provide in support or contact forms.
- Message content of any support request or feedback you send.
When you create an account or subscribe
- Account information — name, email address, and password credentials.
- Billing and subscription data — processed by Stripe. Stripe collects billing name, billing address, payment method details, and tax information directly. We receive transaction metadata (amount, status, country, tax amount) but not full payment card numbers.
When you use the desktop application
- License validation — the app periodically contacts our servers to validate your subscription status. This request includes your license identifier, app version, and operating system. It does not include your collections, requests, scripts, or local data.
- Update checks — the app may check for available updates and download installers from our distribution endpoints.
- Crash reports and diagnostics (if enabled in app settings) — stack traces, app version, OS version, and non-identifying session metadata. You can disable this.
What stays on your machine. Your API collections, environments, request/response content, scripts, database connection strings, and any secrets you define as variables are stored locally in your workspace (as YAML files or in OS-level secret storage where available). We do not upload, mirror, or index this content. The only exceptions are optional features you explicitly enable — Team shared environments, hosted mock gateway, or similar — which transmit only the data you choose to share through those features.
Cookies and Similar Technologies
We use a small number of cookies and similar technologies. We do not use advertising or cross-site tracking cookies.
| Provider | Purpose | Type |
|---|---|---|
| Cloudflare | Infrastructure, bot management, performance (e.g., __cf_bm, cf_clearance) |
Strictly necessary |
| Cloudflare Turnstile | Anti-bot verification on the support/portal form (only when enabled) | Strictly necessary |
| EmailOctopus | Session handling for the Insider waitlist form | Strictly necessary |
| Site preferences | Local storage for theme and UI preferences set by you | Functional |
You can block or delete cookies through your browser settings. Blocking strictly necessary cookies may prevent certain forms or anti-abuse checks from working correctly.
How We Use Information
- Provide, maintain, and improve the Services.
- Process purchases, subscriptions, taxes, and billing support requests.
- Send Insider waitlist updates and transactional emails related to your account (such as receipts or security notices).
- Respond to support inquiries and communicate product updates you have subscribed to.
- Protect the Services and users against fraud, abuse, and security threats.
- Comply with legal obligations and enforce our agreements.
Payments and Tax Processing
Payments are processed by Stripe. Stripe may collect billing name, billing address, and payment method details directly to complete transactions and calculate and apply sales tax, VAT, GST, or similar taxes where required. We receive transaction metadata (for example, amount, status, country, and tax amounts), not full payment card numbers. For details about Stripe's processing practices, see Stripe's privacy notice.
Who We Share Information With
We do not sell your personal information. We share limited information only as needed to operate the Services, including with the following processors:
| Processor | Role | Data processed |
|---|---|---|
| Cloudflare | Hosting, edge delivery, bot management, Turnstile anti-abuse | Request metadata, IP address, user agent, behavioral signals |
| Stripe | Payment processing and tax calculation | Billing name/address, payment method, transaction data, tax info |
| EmailOctopus | Insider waitlist and transactional email delivery | Email address, list membership status |
| Git / code hosting providers | Only if you explicitly use Git features to push your workspace | Whatever you choose to commit, at your direction |
We may also disclose information to professional advisors and to authorities when required by law, or in connection with a merger, acquisition, or sale of assets (in which case we will provide notice).
International Transfers
ApiCourier LLC is based in the United States, and our processors operate globally. If you access the Services from outside the United States, your information will be transferred to and processed in the United States and other countries where we or our processors operate. For transfers from the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards where applicable, including the Standard Contractual Clauses published by the European Commission and equivalent UK/Swiss mechanisms.
Data Retention
We retain personal information only as long as needed for the purposes described in this Policy, including to meet contractual, legal, accounting, and security requirements. Illustrative retention periods:
- Account data — retained for the life of your account. On account closure, retained for up to 90 days to support recovery, then deleted or anonymized except where longer retention is required by law.
- Billing records — retained for up to 7 years to meet accounting and tax obligations.
- Server and request logs — typically 30–90 days, as configured at the infrastructure provider level (primarily Cloudflare).
- Support communications — retained for up to 2 years after the ticket is closed, for product improvement and recurrence analysis.
- Waitlist email — retained until you unsubscribe or we close the waitlist, whichever is sooner.
- Crash reports / diagnostics — retained for up to 180 days if enabled.
Account Closure and Deletion
You can close your account at any time by contacting us at privacy@apicourier.dev. On closure, we will delete or anonymize personal information associated with your account within 90 days, except for records we are required to retain by law (for example, tax records).
Your Rights and Choices
Depending on your location, you may have rights to access, correct, delete, restrict, or object to certain processing of your personal information. You may also have the right to data portability and to withdraw consent where processing is based on consent.
California (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect, to request deletion, to correct inaccurate information, to opt out of "selling" or "sharing" (we do not do either), and to limit the use of sensitive personal information. We do not use sensitive personal information for purposes that would trigger the right to limit. To exercise your rights, contact us at privacy@apicourier.dev. You may also designate an authorized agent to make a request on your behalf.
European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR / FADP)
If you are in the EEA, UK, or Switzerland, you have the rights described above, plus the right to lodge a complaint with your local data protection authority. See "Lawful Bases for Processing" below for the legal grounds we rely on for each category of processing.
To make any request, contact us at privacy@apicourier.dev. We may verify your identity before completing a request.
Lawful Bases for Processing (EEA/UK)
- Contract — to provide the Services, manage your account, and process payments.
- Legitimate interests — to operate and improve the Services, prevent abuse, and secure our infrastructure, balanced against your rights.
- Consent — for the Insider waitlist and any optional marketing communications. You can withdraw consent at any time.
- Legal obligation — to comply with tax, accounting, and other applicable laws.
Security
We use commercially reasonable technical and organizational safeguards to protect personal information, including encryption in transit, access controls, and hardened infrastructure. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Children and Minors
The Services are not directed to children. We do not knowingly collect personal information from anyone under 16, or under the minimum age required in your jurisdiction if that age is higher. If you believe a minor has provided us with personal information, contact us and we will take appropriate steps to remove it.
Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date and provide additional notice where required.
Contact Us
ApiCourier LLC
Registered office: 502 W 7th ST, STE 100, Erie, PA 16502, USA
Principal place of business: Montgomery County, Pennsylvania, USA
Privacy contact: privacy@apicourier.dev
Legal contact: legal@apicourier.dev
General support: Contact ApiCourier