Privacy Policy

Last updated: March 25, 2026

What we collect

When you create an account, we collect your email address. When you make API calls, we log the endpoint, timestamp, response time, and API key ID. We do not log request bodies or search queries.

How we use it

We use your email to communicate about your account. We use API usage logs for billing, rate limiting, and service improvement. We do not sell your data to third parties.

API keys

API keys are hashed with SHA-256 before storage. We never store plaintext API keys. The full key is shown only once at creation.

Authentication

All API access requires a registered account. We use OAuth (GitHub/Google) and email magic links for authentication. We do not store passwords. Your OAuth provider may share your email and profile name with us at sign-in.

Data retention

API usage logs are retained for 90 days. Monthly aggregates are retained for billing purposes. You can request deletion of your account and associated data at any time.

Contact

For privacy questions, email privacy@chowapi.dev.