Privacy Policy

Valuein ("we," "us," or "our") operates the valuein.biz website and related API services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service. By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

We collect several types of information to provide and improve our Service.

Account Information: When you create an account, we collect your name, email address, and authentication credentials provided through third-party OAuth providers (Google, GitHub, or LinkedIn). We do not store your OAuth provider passwords.

Payment Information: When you subscribe to a paid plan, payment processing is handled entirely by Stripe, Inc. We receive and store your Stripe customer identifier, subscription status, plan tier, and billing cycle dates. We do not receive or store your full credit card number, CVV, or bank account details.

Usage Data: We automatically collect information about how you interact with the Service, including API request logs (endpoint, timestamp, response status code, response time), IP addresses, API key identifiers, request volume and rate limit utilization, and referring URLs when you visit our website.

Device and Browser Data: When you visit our website, we collect browser type and version, operating system, screen resolution, and language preference. This data is collected through standard HTTP headers and Cloudflare Analytics.

Cookies and Similar Technologies: We use session cookies to maintain your authentication state and preferences. See the "Cookies and Tracking" section below for details.

We use the information we collect for the following purposes:

Service Delivery: To provision and maintain your account, generate and manage API keys, enforce rate limits by subscription tier, deliver financial data through our API and SDK, and process Parquet file downloads.

Billing and Payments: To process subscription payments, manage plan upgrades and downgrades, issue invoices and receipts, and detect and prevent payment fraud.

Communications: To send transactional emails related to your account (welcome emails, password resets, API key notifications, billing confirmations), respond to support requests, and send product updates and changelog notifications. We do not send unsolicited marketing emails. You may opt out of non-transactional communications at any time.

Security: To detect unauthorized access or abuse of our API, enforce acceptable use policies, monitor for anomalous request patterns, and protect against distributed denial-of-service attacks.

Service Improvement: To analyze aggregate usage patterns to improve API performance and reliability, identify popular data endpoints to prioritize development, and monitor error rates and latency to maintain service quality.

Legal Compliance: To comply with applicable laws and regulations, respond to lawful requests from public authorities, and enforce our Terms of Service and Data License Agreement.

We do not sell your personal information to third parties. We share your information only with the following categories of service providers who process data on our behalf:

Stripe, Inc.: Processes all payment transactions. Stripe receives your payment method details, billing address, and email address to process charges and manage subscriptions. Stripe's privacy policy is available at stripe.com/privacy.

Cloudflare, Inc.: Provides our infrastructure including content delivery, DDoS protection, DNS, edge computing (Workers), key-value storage, and static asset hosting (Pages). Cloudflare processes your IP address, request headers, and request content as part of delivering our Service. Cloudflare's privacy policy is available at cloudflare.com/privacypolicy.

Resend, Inc.: Delivers transactional emails on our behalf. Resend receives your email address and email content for delivery purposes. Resend's privacy policy is available at resend.com/legal/privacy-policy.

OAuth Providers (Google, GitHub, LinkedIn): When you choose to authenticate using a third-party provider, that provider shares your name, email address, and profile photo with us according to the permissions you grant during the OAuth flow. We do not share your Valuein usage data back to these providers.

We may also disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

We retain your information for the following periods:

Account Data: We retain your account information (name, email, authentication records) for as long as your account is active. If you delete your account, we will delete your personal account data within 30 days, except where retention is required by law.

API Usage Logs: We retain detailed API request logs (including IP addresses and request metadata) for 90 days for operational and security purposes. Aggregated, anonymized usage statistics may be retained indefinitely for service improvement.

Payment Records: We retain billing records, invoices, and transaction history for seven (7) years to comply with tax and financial reporting obligations under United States law.

Support Communications: We retain support email threads and associated metadata for two (2) years after the most recent interaction.

After the applicable retention period, data is permanently deleted or irreversibly anonymized.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

For All Users: You may access, update, or delete your account information at any time through your account settings page. You may request a copy of the personal data we hold about you by emailing [email protected]. You may request deletion of your account and associated personal data.

For European Economic Area (EEA) Residents — GDPR Rights: If you are located in the EEA, you have the right to access your personal data and receive a copy in a portable format, the right to rectification of inaccurate personal data, the right to erasure ("right to be forgotten"), the right to restrict processing of your personal data, the right to object to processing based on legitimate interests, and the right to lodge a complaint with your local data protection authority. Our legal basis for processing personal data is performance of a contract (providing the Service you subscribed to), legitimate interests (security monitoring, service improvement), and consent (where applicable, such as optional marketing communications).

For California Residents — CCPA Rights: If you are a California resident, you have the right to know what personal information we collect, use, and disclose, the right to request deletion of your personal information, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights. To exercise any of these rights, contact us at [email protected]. We will respond to verified requests within 30 days.

We use a minimal set of cookies and tracking technologies:

Essential Session Cookies: Required for authentication and maintaining your logged-in state. These cookies are strictly necessary for the Service to function and cannot be disabled.

Cloudflare Analytics: We use Cloudflare Web Analytics, which is a privacy-first analytics service that does not use cookies, does not track individual users across sites, and does not collect personal information. It provides aggregate page view and visit data only.

We do not use Google Analytics, Facebook Pixel, or any third-party advertising trackers. We do not serve targeted advertisements. We do not engage in cross-site tracking.

You can configure your browser to refuse all cookies, but this may prevent you from using authenticated features of the Service.

We implement industry-standard security measures to protect your personal information:

Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher. All API endpoints enforce HTTPS.

Encryption at Rest: Sensitive data stored in our infrastructure (including API keys and authentication tokens) is encrypted at rest using AES-256 encryption.

Access Controls: Access to production systems and customer data is restricted to authorized personnel on a need-to-know basis. API keys are hashed before storage and can be rotated by the account holder at any time.

Infrastructure Security: Our infrastructure is hosted on Cloudflare's global network, which provides built-in DDoS protection, Web Application Firewall (WAF) rules, and network-level security.

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we commit to promptly notifying affected users in the event of a data breach in accordance with applicable law.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].

Our infrastructure is distributed globally through Cloudflare's network. By using the Service, you acknowledge that your information may be transferred to and processed in the United States and other countries where Cloudflare operates edge nodes. These countries may have data protection laws that differ from those in your country of residence. We rely on Cloudflare's data processing agreements and standard contractual clauses where applicable to ensure adequate protection of transferred data.

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and notify registered users by email at least 14 days before the changes take effect. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically for the latest information on our privacy practices.

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your information, contact us at:

Valuein Email: [email protected]