Datapio

Privacy Policy

Last updated: April 17, 2026

1. Introduction

Datapio ("we", "us", "our") operates the website and platform at datapio.app (the "Service"). This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and what rights you have in relation to it. By using the Service, you agree to the practices described in this Policy. If you do not agree, please stop using the Service.

This Policy applies to all users of the Datapio website, dashboard, and API. It does not cover third-party websites, services, or platforms that may be linked from our Service.

2. Information We Collect

2.1 Account Information

We support sign-in via Google and Apple OAuth. When you authenticate, we receive and store:

  • Your display name
  • Your email address
  • Your profile picture URL (if provided by the OAuth provider)
  • A unique identifier assigned by the OAuth provider

We do not receive or store your password. Authentication credentials are managed entirely by Google or Apple.

2.2 API Usage Data

When you use the Datapio API, we log information necessary to operate the Service, enforce rate limits, and detect abuse:

  • Request type, timestamp, and outcome (success/failure)
  • Credits consumed per request
  • Error messages, if applicable
  • Request execution time

2.3 Public Data Access — What the API Retrieves

Datapio exclusively retrieves publicly available data — content that any person can view on the relevant platform without creating an account or logging in. This includes public profiles, public posts, public search results, and other content openly accessible to the public.

Datapio does not retrieve, access, or process:

  • Private accounts or content restricted to followers or approved connections
  • Direct messages, private messages, or any non-public communications
  • Account credentials, passwords, or login sessions of end users on third-party platforms
  • Any content that requires a personal login to view

Our infrastructure manages proxy rotation and rate-limit handling on public endpoints only. No credentials belonging to end users of third-party platforms are stored or transmitted through our systems.

2.4 Data We Do Not Store

Datapio is a pass-through API service. The social media content retrieved by the API (such as user profiles, posts, or search results) is not stored in our database. API responses are delivered directly to you. For performance purposes, certain responses may be briefly cached in memory for up to 15 minutes, after which they are discarded automatically. We do not build or maintain any long-term database of social media content fetched on your behalf.

We also do not store your payment card numbers, bank account details, or full payment credentials.

2.5 Security and Technical Data

We collect technical data to maintain security and performance of the Service, including:

  • IP address (used for rate limiting, abuse detection, and geographic access controls)
  • Browser user agent string
  • Authentication session tokens (stored securely, not readable after creation)
  • API key hashes (we store only a cryptographic hash, never the key in plaintext)

2.6 Billing and Transaction Data

We do not collect or store your payment card details. Transaction records we store include:

  • Purchase amount, currency, and date
  • Credit pack purchased
  • Refund records, if applicable

2.7 Communications

If you contact us via email, we store your messages and contact details to respond to your inquiry and maintain a record of support interactions.

2.8 Cookies and Local Storage

We use strictly necessary cookies and browser session storage for authentication and maintaining your logged-in state. We do not use third-party advertising cookies, behavioral tracking cookies, or analytics pixels. You can disable cookies in your browser, but doing so will prevent you from signing in to the Service.

3. How We Use Your Information

We process your information for the following purposes:

  • Service delivery: To authenticate you, provide API access, track credit balances, and deliver the functionality of the platform.
  • Billing and payments: To record purchases, manage credit allocations, and process refunds.
  • Security and integrity: To detect and prevent unauthorized access, abuse, fraud, and violations of our Terms of Service.
  • Service communications: To send transactional emails such as purchase receipts, security alerts, and important policy updates.
  • Legal compliance: To fulfil our obligations under applicable law, including tax and financial record-keeping requirements.
  • Service improvement: To analyze aggregate usage patterns and diagnose technical issues. This analysis does not involve identifying individual users.

We do not use your personal data for advertising, profiling, or selling to third parties.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

  • Contract performance: Processing necessary to provide the Service you have signed up for (account management, API access, billing).
  • Legitimate interests: Security monitoring, fraud detection, and aggregate service analytics — balanced against your privacy rights.
  • Legal obligation: Retaining financial and tax records as required by law.
  • Consent: Where required and not covered by the above, we will ask for your explicit consent.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data in the following circumstances:

  • Authentication providers (Google, Apple): Sign-in is handled by these providers; your credentials are never shared back to them from our systems.
  • Cloud infrastructure providers: Our hosting providers may technically have access to data stored on their infrastructure; they are bound by data processing agreements.
  • Legal requirements: We may disclose your information if required by law, court order, or to protect the rights, property, or safety of Datapio, our users, or the public.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

6. Data Retention

  • Account data is retained for as long as your account remains active, and for up to 30 days after deletion (to allow recovery from accidental deletion).
  • API request logs are retained for 90 days, after which they are automatically purged.
  • Billing records are retained for a minimum of 7 years to comply with applicable financial and tax regulations.
  • Security logs (IP addresses, authentication events) are retained for up to 30 days.
  • Support emails are retained for up to 2 years from the date of the last interaction.

7. Data Security

We implement technical and organizational measures to protect your data, including:

  • Encryption in transit via TLS 1.2+ for all communications
  • Encryption at rest for sensitive fields (e.g., session tokens)
  • API keys stored as irreversible cryptographic hashes (SHA-256)
  • Access controls limiting data access to authorized personnel only
  • Regular security reviews and dependency audits

Despite these measures, no system is completely secure. We cannot guarantee the absolute security of your information. If we become aware of a data breach that affects your rights or freedoms, we will notify you as required by applicable law.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
  • Right to data portability: Request your data in a machine-readable format.
  • Right to restrict processing: Request that we limit how we use your data in certain circumstances.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: File a complaint with your local data protection authority if you believe we have not handled your data lawfully.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.

9. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to delete your personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at [email protected].

10. International Data Transfers

Datapio operates globally, and your data may be stored and processed in countries other than your country of residence, including countries that may not provide the same level of data protection as your home country. Where we transfer data internationally, we rely on appropriate safeguards such as standard contractual clauses approved by relevant regulatory authorities.

11. Children's Privacy

The Service is intended for users who are at least 18 years old. We do not knowingly collect personal information from persons under 18. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. If you believe we have collected information from a minor, please contact us immediately at [email protected].

12. Third-Party Links

The Service may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 14 days' notice via email or a prominent notice on the website. The updated date at the top of this page indicates when changes were last made. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

14. Contact and Data Controller

For privacy-related questions, requests, or complaints, contact us at: [email protected]

We aim to respond to all privacy inquiries within 5 business days and to resolve requests within 30 days.