1.Scope
This Privacy Notice explains what personal data Bullion API ("we", "us") collects, why we collect it, who we share it with, and what rights you have. It applies to the website at api.bullionapi.dev and the API endpoints under that domain. It does not apply to any third-party sites linked from our pages.
2.Data we collect
We collect the minimum needed to run the service:
- Account data: your name, email address and a hashed password (bcrypt via Better Auth) when you sign up.
- API keys: the keys you create. We store only their SHA-256 hash; the plaintext is shown to you once at creation and we cannot recover it.
- Request logs: for every API call we receive, we log a timestamp, the API key ID (not the key itself), the endpoint and currency, the HTTP status, the byte size of the response, and your IP address and user agent. We use these for abuse detection, quota enforcement and debugging.
- Billing data: handled by Stripe. We receive your plan, the Stripe customer ID and the subscription status back from Stripe. We do not see or store your card number.
- Support emails: anything you send us at hello@bullionapi.dev or one of the alias addresses listed in section 12.
We do not set tracking cookies, do not run advertising pixels, and do not sell or share personal data for marketing.
3.How we use it
We use the data above to:
- Provide, authenticate and bill the service.
- Enforce per-plan quotas and detect abusive usage.
- Diagnose outages and respond to support requests.
- Comply with legal obligations and respond to lawful requests.
- Notify you of service changes or security incidents that affect your account.
We do not use your data to train third-party models and we do not run behavioural advertising.
4.Sub-processors
We use the following sub-processors to operate the service. Each operates under a data-processing agreement with us that restricts use to the documented purposes.
- Cloudflare — hosting and edge compute for the API and website (data may transit Cloudflare’s global network).
- Neon — serverless Postgres for accounts, keys and request logs.
- Stripe — payment processing and subscription management. Card data is handled by Stripe and never touches our servers.
- metals.dev — upstream precious-metal and exchange- rate pricing. They see the currency and date of each fetch, not your account.
- Resend — transactional email (account verification, password reset, billing receipts). Used to deliver email you triggered.
We will give at least 30 days’ notice by email before adding a new sub-processor that handles customer personal data.
6.Retention
We keep data only as long as we need it:
- Account data: for as long as your account is active. On account deletion (which soft-deletes for 30 days to allow recovery) the data is purged within 30 days of the final deletion.
- API keys: retained while you have a key with that name. Revoking a key stops it working immediately and the row is deleted within 24 hours.
- Request logs: 90 days, then aggregated into anonymous counters. We use the aggregated counters indefinitely for capacity planning.
- Stripe billing history: Stripe retains this per their own policy (typically 7 years for tax/audit reasons). We retain the subscription status as long as the subscription is active.
- Support emails: deleted within 12 months of the last exchange unless we have a continuing business reason to keep them.
Where we are required to keep data longer for legal reasons (for example, anti-money-laundering records), we retain it for the minimum period required by law.
7.Your rights
Depending on where you live, you have some or all of these rights:
- Access — request a copy of the personal data we hold about you.
- Correction — ask us to fix anything wrong.
- Deletion — delete your account and the data we hold. The dashboard has a Delete account button; it removes everything within 30 days.
- Export — receive your data in a portable machine-readable format. We don’t have a self-serve button for this yet; email privacy@bullionapi.dev and we’ll send a JSON export within 30 days.
- Object or restrict — object to certain processing or ask us to pause it.
- Withdraw consent — where our lawful basis is consent, you can withdraw it at any time without affecting prior processing.
- Complain — to your local data protection authority.
We respond to verified requests within 30 days. We may need to confirm your identity before acting on a request.
8.Legal basis (GDPR / UK GDPR / CCPA)
Under the EU GDPR and UK GDPR we rely on the following bases:
- Contract: to provide the API you have signed up for, including authentication, billing and support.
- Legitimate interests: to keep the service secure (request logging, abuse detection), to keep records of financial transactions and to improve the product based on aggregate usage.
- Legal obligation: to comply with applicable law, respond to lawful requests and keep accounting records.
- Consent: for anything optional (for example, marketing emails, if we add them later).
Under the California Consumer Privacy Act (CCPA/CPRA), we do not sell or share personal information for cross-context behavioural advertising. California residents have the same access, deletion and portability rights listed above and can exercise them through the same channels.
If you are in a jurisdiction that requires a different lawful basis for any processing described here, contact us and we will work with you to resolve it.
9.Security
We protect data with controls proportionate to the sensitivity of the information:
- TLS everywhere — our service is HTTPS-only.
- Passwords are hashed with bcrypt through Better Auth; we never see them in plaintext.
- API keys are hashed with SHA-256 before storage; the plaintext is shown once at creation.
- Production access is gated by role, audited and limited to operational necessity.
- We log and alert on anomalous auth patterns (impossible travel, high-volume enumeration, key sharing).
No system is perfectly secure. If you find a vulnerability, please report it to security@bullionapi.dev rather than filing a public issue.
10.International transfers
Cloudflare, Neon and Stripe may process your data in the United States or other countries outside your own. Where we transfer personal data out of the EEA, the UK or Switzerland, we rely on the European Commission’s Standard Contractual Clauses (or the UK International Data Transfer Agreement) together with supplementary technical and organisational measures. Neon and Stripe publish their transfer mechanisms in their own privacy documentation; please review those if you need assurance specific to your situation.
11.Children
The Service is intended for adults. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, contact privacy@bullionapi.dev and we will delete it.
12.Changes and contact
We will post material changes on this page at least 14 days before they take effect and email the address on your account. The “Last updated” date at the top reflects the current version. Earlier versions are available on request.
Any question about this notice or how we handle your data: privacy@bullionapi.dev. Security disclosures: security@bullionapi.dev.