Privacy Policy

We collect the following types of information:

Account Information

• Email address and display name
• Password (stored securely via Supabase Auth — we never store plaintext passwords)
• Publisher profile information (if you publish tools)

API Usage Data

• API call logs (endpoint, timestamp, response status, latency)
• API key metadata (creation date, last used — never the key value after creation)
• Usage quotas and rate limit metrics

Payment Information

• Billing history and transaction records
• Payment method details are handled directly by Stripe — we do not store card numbers

Technical Data

• IP address and browser user-agent (for security and abuse prevention)
• Device type and general location (country-level)

We use collected information to:

• Provide, maintain, and improve the Platform
• Authenticate your identity and manage your account
• Process payments and manage billing
• Monitor API usage, enforce rate limits, and prevent abuse
• Generate aggregated, anonymized analytics for tool publishers
• Send important service notifications (security alerts, billing updates)
• Respond to support requests

We do not sell your personal data. We do not use your data for advertising.

We use the following third-party services to operate the Platform:

We implement appropriate technical and organizational measures to protect your data, including:

• Encrypted connections (HTTPS/TLS) for all data in transit
• Encrypted storage for sensitive data at rest
• API keys are stored with encryption at rest
• Regular security reviews and dependency updates
• Access controls and audit logging for internal systems

While we strive to protect your data, no method of transmission or storage is 100% secure. You are responsible for keeping your account credentials and API keys confidential.

You have the right to:

• Access — Request a copy of the personal data we hold about you
• Correction — Update or correct inaccurate personal data via your account settings
• Deletion — Request deletion of your account and associated personal data
• Export — Request an export of your data in a machine-readable format
• Objection — Object to specific data processing activities

To exercise any of these rights, contact us at support@invok.it. We will respond within 30 days.

We retain your account data for as long as your account is active. API usage logs are retained for 90 days for operational purposes, after which they are aggregated and anonymized.

When you delete your account, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records).

We use minimal cookies necessary for the Platform to function:

• Authentication cookies — To maintain your logged-in session
• Preference cookies — To remember your settings (e.g., dark mode)

We do not use third-party tracking cookies or advertising cookies.

The Platform is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The “Last updated” date at the top of this page reflects the most recent revision.

For questions or concerns about this Privacy Policy or your data, contact us at support@invok.it.