Privacy Policy

1. Information We Collect

When you create an account, we collect your email address and authentication profile information (name, avatar) provided by your OAuth provider (GitHub or Google). When you use the API, we log request metadata including timestamps, requested URLs, response times, and your API key identifier.

2. How We Use Your Information

• To provide and maintain the MetaLink API service
• To track usage against your plan limits
• To process payments via Stripe
• To send transactional emails (billing, security alerts)
• To improve service performance and reliability

3. Data Storage & Security

Your data is stored in Supabase (PostgreSQL) hosted in the US (us-east-1). API keys are hashed before storage. All data in transit is encrypted via TLS. Cached metadata is stored in Upstash Redis with a 24-hour TTL and contains no personal information.

4. Third-Party Services

We use the following third-party services:

• Supabase— Authentication and database
• Stripe— Payment processing
• PostHog— Product analytics
• Upstash— Redis caching
• Vercel— Frontend hosting
• Fly.io— API hosting

5. Data Retention

Account data is retained for the lifetime of your account. API request logs are retained for 90 days. Cached metadata expires after 24 hours. You may request deletion of your account and associated data at any time by contacting us.

6. Cookies

We use essential cookies for authentication session management. We do not use advertising or third-party tracking cookies.

7. Your Rights

You may access, update, or delete your personal data through your dashboard settings. To request a full data export or account deletion, contact us at privacy@metalinkapi.com.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on the dashboard.