Privacy Policy
March 13, 2026
This policy explains what personal data we collect, why, and on what legal basis. We process as little data as possible and do not sell, share with advertisers, or use your data for profiling.
account data
Email address, hashed password, subscription plan. Collected at registration.
legal basis: Art. 6(1)(b) DSGVO (contract performance)
api usage data
Request timestamps, endpoints called, response codes, IP addresses. Collected automatically per API request.
legal basis: Art. 6(1)(b) DSGVO (contract performance, rate limiting) and Art. 6(1)(f) DSGVO (legitimate interest in abuse prevention and service security)
server log files
Your browser type, operating system, referrer URL, IP address, and time of access are automatically transmitted by your browser. These are stored in server log files.
legal basis: Art. 6(1)(f) DSGVO (legitimate interest in stable and secure operation)
payment data
Processed entirely by Stripe. We store only your Stripe customer ID and subscription status. We never see or store card numbers, bank details, or billing addresses.
legal basis: Art. 6(1)(b) DSGVO (contract performance)
passkeys (WebAuthn)
Credential IDs and public keys. No biometric data ever leaves your device or is transmitted to our servers.
legal basis: Art. 6(1)(a) DSGVO (consent, as passkey registration is optional)
To provide the Service: authenticate API requests, enforce rate limits, deliver threat intelligence data.
To communicate: email verification, security notices (new API key created), account status changes. We do not send marketing emails or newsletters.
To protect the Service: abuse detection, rate limit enforcement, fraud prevention.
To improve the Service: aggregated, anonymized usage statistics to understand which endpoints are most used. No individual tracking or profiling.
Account data is retained for the duration of your account. When you delete your account, all personal data is deleted within 30 days.
API request logs (including IP addresses) are retained for 90 days for rate limiting and abuse prevention, then automatically deleted.
Server log files are retained for 14 days.
Invoicing data is retained for 10 years as required by German tax law (Section 147 AO).
Stripe Inc.
Payment processing. Data transferred to the US under EU-US Data Privacy Framework. Privacy policy.
Resend Inc.
Transactional email delivery (verification, security notices). Processes your email address. Privacy policy.
Cloudflare Inc.
DNS, CDN, and DDoS protection. Processes IP addresses and request metadata. Data transferred to the US under EU-US Data Privacy Framework. Privacy policy.
Some processors are based in the United States. Transfers are safeguarded by the EU-US Data Privacy Framework or Standard Contractual Clauses (Art. 46(2)(c) DSGVO) where applicable.
We use a single technically necessary session cookie for authentication. No tracking cookies, no analytics cookies, no third-party cookies. This cookie is strictly necessary for the operation of the Service and does not require consent under Section 25(2) TDDDG.
Under the DSGVO, you have the following rights regarding your personal data:
right of access (Art. 15 DSGVO) - obtain confirmation whether we process your data and request a copy
right to rectification (Art. 16 DSGVO) - correct inaccurate personal data
right to erasure (Art. 17 DSGVO) - request deletion of your personal data
right to restriction (Art. 18 DSGVO) - restrict the processing of your data
right to data portability (Art. 20 DSGVO) - receive your data in a structured, machine-readable format
right to object (Art. 21 DSGVO) - object to processing based on legitimate interests
right to withdraw consent (Art. 7(3) DSGVO) - withdraw previously given consent at any time
To exercise any of these rights, email [email protected]. We will respond within 30 days.
You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 DSGVO). The competent authority for our business is:
Der Landesbeauftragte fur den Datenschutz und die Informationsfreiheit Baden-Wurttemberg
Lautenschlagerstrasse 20, 70173 Stuttgart
We may update this policy. Material changes will be communicated via email. The current version is always available at rdintel.com/privacy.