Privacy Policy

Last updated: May 27, 2026

1. Overview

publicsafetyapi.dev ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights. We collect the minimum data necessary to operate the Service.

2. Data We Collect

Account data

Email address and hashed password, collected when you create an account. Used for authentication and service communications.

API usage data

When you make API requests, we log: the endpoint called, HTTP method, response status code, response time in milliseconds, and timestamp. Usage counts are stored against your API key to enforce quotas.

API keys

We store a SHA-256 hash of your API key and the first 13 characters as a display prefix. Your full API key is never stored after initial generation.

Payment data

If you subscribe to a paid plan, payment information is processed and stored by Stripe. We do not store credit card numbers or full payment details.

3. How We Use Your Data

  • Authenticate your account and API key requests
  • Enforce rate limits and monthly quotas
  • Detect and prevent abuse or fraud
  • Send transactional emails (account confirmation, password reset)
  • Improve the Service based on usage patterns
  • Respond to support inquiries

We do not sell your personal data. We do not use your data for advertising.

4. Third-Party Services

Supabase — database and authentication hosting. Your account data and API key hashes are stored here.

Stripe — payment processing for paid subscriptions.

Resend — transactional email delivery (account confirmation, password reset).

AWS — API infrastructure (Lambda, API Gateway) in us-west-2.

Cloudflare — portal hosting and DNS.

5. Data Retention

Account data is retained until you delete your account. API request logs are retained for 90 days then automatically purged. Payment records are retained as required by Stripe and applicable tax law.

6. Your Rights

You may delete your account at any time from your profile page — this permanently removes your account, API keys, and usage data. You may also request a copy of your data or ask us to delete it by contacting hello@districtapi.dev.

7. Cookies

We use session cookies for authentication (Supabase Auth). We do not use third-party tracking cookies or analytics cookies.

8. Security

All API traffic is served over HTTPS. API keys are stored as SHA-256 hashes — we cannot recover your key if lost. Passwords are hashed by Supabase Auth using bcrypt. Payment data never touches our servers.

9. Changes

We may update this policy from time to time. Material changes will be communicated by email. Continued use of the Service after changes constitutes acceptance.

10. Contact

Privacy questions: hello@districtapi.dev