Apilytics privacy policy

This is a registry and privacy policy in accordance with the EU General Data Protection Regulation (GDPR).

1. General

We hold the privacy of your personal information in the highest regard, and we do not collect or process any information about you that is not necessary for the operation of the service. This privacy policy contains information about what personal information we collect, how we process it, and what rights and opportunities you have over your information.

The Apilytics service processes personal information about you in accordance with this privacy policy and applicable law, so we ask that you read this privacy policy carefully. When you use our services, our website or contact us, your personal data is processed in accordance with this privacy policy.

2. For what purpose is my personal data collected and processed?

We collect, store and process personal information about you only for pre-defined purposes. Uses include:

  • Fulfillment of legal obligations and requirements
  • Ensuring the security of the service
  • Customer communication and answering contact requests
  • Improving the usability of the service, e.g. showing personalized content
  • Prevention of abuse and harassment

3. What personal information about me is collected and from what sources?

We collect personal information about you directly from you or your device when you use our service or contact us.

When you sign up we collect your email address. When you use the service, we collect the data for your origins and all metrics that the origins send to Apilytics through one of our open-source integration packages that you have installed. The origin data includes the name that you have provided for your origin. The metrics data includes HTTP methods, paths, query parameters, status codes, request/response sizes, user agents, execution times, system's platform name information, system's cpu and memory usage information, and package version information. The integration must be installed manually by you, and you are responsible that you possess the necessary rights for the data that is sent through the integration code to the Apilytics service. We also collect your email address when you join our mailing list. You can unsubscribe and delete that email info from us, by opening the unsubscribe link from any email that you have received.

The above information must be provided in order for us to provide the service to you. You are not legally obligated to provide the information, but in that case you will not be able to use our services.

In addition, some basic request information (e.g. IP-addresses, access times, and user agents) might be collected by us or our hosting provider.

We also use third party analytics tools to collect visitor data from the Apilytics website so that we can improve it. The data collected by them contains aggregate information from for example the number of visitors and the number of page views, and none of it can be connected to any individual users.

4. On what basis is personal data processed?

We make sure that we always have a legal basis for processing your personal information. We process your personal information to provide our service to you, improve our service and to manage the customer relationship between us and you as the user of our service. The legal basis for such processing is the performance of our mutual agreement (art. 6 1. b of the GDPR).

5. Who processes my data and is it passed on to third parties?

Your personal data is processed by persons belonging to our staff in the performance of their duties. In this case, we take care, among other things, by agreements that the confidentiality of your information is maintained, and that the information is processed in a lawful manner.

We may disclose your information to our contractual partners and/or subcontractors when it is necessary in order to provide our service. These partners include our hosting providers (Vercel, AWS) and email service (Namecheap). In these situations, we will take the necessary steps to protect your information, e.g. by signing appropriate data processing agreements with the processors.

We may also disclose your information to third parties or relevant authorities when required by law or by a competent authority, and to relevant third parties in connection of a planned share or business acquisition or sale.

6. Will my data be disclosed outside the EU?

Your data won't generally be transferred or processed outside the EU/EEA. However, there are situations where our partner or subcontractor used for providing the service, either resides or needs to transfer information outside the EU/EEA. These partners or subcontractors may process personal data when providing, for example, IT- or hosting services. In these cases, sufficient data protection is ensured by using approved transfer mechanisms, such as signing EU Commission’s standard contractual clauses in connection with the transfer.

7. How long will my personal information be kept?

We will automatically delete your data after two years of inactivity.

8. How is my information stored and protected?

Your information is stored on servers of the service providers described in section 5. The servers are protected in accordance with general industry practices and modern standards. The data and disclosing or transfer of the data is handled in accordance with sections 5 and 6 of this privacy policy.

9. What are cookies used for in the application?

We use cookies in the application to provide the best possible user experience. Cookies are short text files that a web server stores on the user’s device. Cookies allow us to authenticate you and to identify you between different visits. We also use cookies to improve security.

We don't use cookies provided by third parties.

10. What are my data protection rights?

The right to access – You have the right to request what information of yours we are processing and copies of your data.

The right to rectification – You have the right to request that we correct or update any information you believe is inaccurate. You also have the right to request us to complete any information you believe is incomplete.

The right to erasure – You have the right to request that we erase your personal data. Please note, that you are not able to use the service once your personal data is deleted from our systems.

The right to restrict processing – You have the right to request that we restrict the processing of your data, in practice this might mean that we delete it. Using this right may mean that you are no longer able to use the service.

The right to object to processing – You have the right to object to processing of your personal data, in practice this might mean that we delete it. Using this right may mean that you are no longer able to use the service.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

The right to make a complaint to relevant authorities – You have the right to make a complaint to the data protection authorities of the member state where you permanently reside or where the alleged non-compliance with the GDPR has happened. In Finland the relevant data protection authority is the Office of the Data Protection Ombudsman (www.tietosuoja.fi).

11. How can I exercise my rights?

You can exercise your rights described above by emailing us at hello@apilytics.io.

To generally access your basic data in the application, log in and open your account profile. Directly from there, you can view, edit, and most of your data.

12. Can this privacy policy be updated?

We may make updates to this privacy policy. The changes will take effect once we have published the updated privacy policy. If we make changes to the intents of this privacy policy, we announce them in our changelog.

13. Who can I contact about data protection issues?


Last updated on 2022-02-25.