Privacy Policy
Last Updated: March 26, 2026
At MyApi ("Company," "we," "us," or "our"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information. By accessing or using our Service, you agree to these terms.
1. Our Service
MyApi provides:
- OAuth Integration: Securely connect and manage third-party accounts
- Token Vault: Encrypted storage for API credentials and personal tokens
- Access Management: Master tokens and scoped guest access
- Personas & Docs: Identity and context management
Third-Party Services Note:
Any collection, use, and management of personal information by OAuth providers (Google, GitHub, etc.) are governed by their privacy policies. You must comply with their terms when connecting services.
Age Requirement:
MyApi is not intended for children under 18. We do not knowingly collect data from users under 18.
2. What Information Do We Collect?
Account Information
- Name, email address, profile information
- Password (hashed, never stored plaintext)
- Billing information if you use paid services
- Language, timezone, communication preferences
Your Content
- OAuth tokens from connected services
- API keys and credentials (encrypted)
- Files and documents you upload
- Messages and workspace data
Automatic Collection
- IP address and geolocation
- Browser type, OS, device information
- Usage data and analytics
- Login timestamps and frequency
- Cookies and session data
- Error logs and performance metrics
Support Data
- Customer support inquiries and feedback
- Emails and communication history
- Screenshots or information you provide
3. How Do We Use Your Information?
We use your information to:
Providing the Service:
- Authenticate your account
- Manage OAuth connections
- Store encrypted tokens and credentials
- Process API requests
- Handle payments and billing
Security & Compliance:
- Prevent fraud and abuse
- Maintain service security
- Comply with legal obligations
- Monitor for unauthorized access
- Improve security measures
Communication:
- Send transactional emails (account, billing, security)
- Send notifications you've requested
- Respond to support inquiries
- Notify about service changes
Improvement:
- Analyze usage patterns
- Identify and fix issues
- Improve features and performance
- Better understand your needs
Analytics:
- Aggregate anonymous usage data
- Measure service effectiveness
- Plan improvements and new features
Marketing (with your consent):
- Send promotional emails
- Inform about new features
- Share product announcements
We DO NOT:
- Sell personal data
- Share data with marketing companies
- Use private files to train AI
- Trade data with data brokers
4. Data Retention
| What | How Long |
|---|---|
| Account information | Until account deletion (then immediately deleted) |
| OAuth tokens | Until disconnected or account deletion |
| Session data | 7 days (auto-deleted) |
| Notifications | 60 days (auto-deleted) |
| Audit logs | Indefinitely (for security/compliance) |
| Support tickets | 1 year, then deleted |
When you delete your account:
- All account data deleted immediately
- OAuth tokens revoked
- Files and documents removed
- Cannot be undone or recovered
What we cannot delete:
- Audit logs (kept for security, de-identified)
- Legal hold data (if legally required)
5. Who Can Access Your Information?
We do not sell or rent your information.
We may share limited information with:
Service Providers
- Hosting and infrastructure providers
- Payment processors (PCI certified)
- Email delivery services
- Analytics and monitoring tools
- All under data protection agreements
Authorized Personnel
- Customer support (to help you)
- Security team (to investigate threats)
- Engineering (to improve the Service)
- All bound by confidentiality
Legal Requirements
- Law enforcement (with valid court order)
- Regulatory authorities (as required by law)
- To protect rights, safety, or property
- To investigate illegal activity
- To comply with legal obligations
Business Transfers
- In case of merger or acquisition
- New owner will be required to honor this policy
- We will notify you if this occurs
Resellers & Partners
- If you purchased through a reseller, they may receive limited info to support you
- Under strict data protection agreements
6. Your Privacy Rights
General Rights
You can:
- Access your account data anytime (via dashboard)
- Update or correct your information
- Request a copy of your data
- Request deletion of your account
GDPR Rights (EU Users)
- Access: Request a copy of your data
- Correction: Correct inaccurate information
- Deletion: Delete your account and data
- Portability: Export data in standard format
- Restrict: Limit how we use your data
- Object: Opt out of certain processing
- Withdraw consent: Withdraw at any time
CCPA Rights (California Users)
- Know: What data we collect
- Delete: Request deletion
- Opt-Out: Opt out of data sales (we don't sell)
- Non-Discrimination: No penalties for exercising rights
How to Exercise Your Rights
Email: [email protected]
- Subject: "Privacy Request: [Your Request Type]"
- Response time: 30-45 days
7. Data Security
We implement:
- HTTPS encryption for all data in transit (TLS 1.2+)
- AES-256 encryption for sensitive data at rest
- Multi-factor authentication support
- Role-based access control (need-to-know basis)
- Regular security audits and penetration testing
- Encrypted daily backups with secure storage
- 24/7 incident response team
However, no system is 100% secure. Use the Service at your own risk.
8. Cookies & Tracking
Session Cookies (Required)
- Keep you logged in securely
- 7-day expiration
- Cannot be disabled (required for login)
Analytics (Optional)
- Google Analytics for usage metrics
- You can opt-out via browser settings
- We respect "Do Not Track" signals
Marketing (Optional)
- Facebook/Twitter pixels for ad effectiveness
- Can be disabled in browser settings
You can control cookies via your browser settings.
9. International Transfers
Your data is stored primarily in the United States.
For EU Users:
- US law provides different data protections than EU law
- The US government may request data via legal process
- By using MyApi, you accept this data transfer
- We use Standard Contractual Clauses for transfers
For all users:
- Social media data may be shared globally (per OAuth providers' practices)
- Third-party services process data in their locations
10. Children's Privacy
MyApi is not intended for users under 18. We:
- Do not knowingly collect data from minors
- Will delete such data if discovered
- Will notify parents/guardians
11. Third-Party Services
When you connect OAuth services (Google, GitHub, Slack, etc.):
- Their policies apply to your interaction with them
- We only store your token, not your personal data
- You see their consent screen to approve permissions
- We are not responsible for their security or changes
12. Contact Us
General Privacy Questions:
- Email: [email protected]
- Response: 5 business days
Security Issues:
- Email: [email protected]
- Response: 48 hours
GDPR/CCPA Requests:
- Email: [email protected]
- Subject: "GDPR Request: [Access/Delete/Export]"
- Response: 30-45 days
13. Changes to This Policy
We may update this policy anytime to reflect service changes, legal requirements, and other factors. We'll notify you of material changes via email.
Your continued use constitutes acceptance of changes. If you disagree, delete your account.
14. Compliance Statements
GDPR: We comply with EU General Data Protection Regulation requirements.
CCPA: We comply with California Consumer Privacy Act requirements.
COPPA: We do not target children under 13.
CAN-SPAM: Unsubscribe from marketing emails anytime via the link in each email.
By using MyApi, you agree to this Privacy Policy.