Privacy Policy
1 Overview
APInexis ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use our platform at apinexis.web.app and associated services, how we use it, and what choices you have.
This policy applies to all users of APInexis, including visitors to our public pages, registered Free plan users, and paying Starter and Pro subscribers.
2 Data We Collect
We collect the minimum data necessary to provide the Service. Here is a complete inventory of what we collect and why:
- Name (from Google or registration)
- Email address
- Profile photo URL (Google OAuth)
- Password (hashed, never plaintext)
- Account creation date
- Workspace names and descriptions
- Collection schemas you define
- Persistent dummy data rows
- Endpoint configurations
- Auth token hashes (SHA-256)
- Request logs (IP, path, method, timestamp)
- Response times and status codes
- Auth pass/fail events
- Monthly request count per workspace
- Feature usage (code export, docs views)
- Plan type and status
- Subscription start/end dates
- Payment method type (card brand, last 4)
- Invoice history
- Note: card data stored by Lemon Squeezy only
We do not collect or require you to enter real personal data of third parties (e.g., real user profiles, real customer records) into the platform. APInexis is designed for dummy/mock data only.
3 How We Use Your Data
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide and operate the Service | Account data, workspace content | Contract performance |
| Process payments and manage subscriptions | Billing data, email | Contract performance |
| Send transactional emails (receipts, plan changes) | Email, plan data | Contract performance |
| Send product update and onboarding emails | | Legitimate interest |
| Monitor platform health and prevent abuse | Usage data, IP address | Legitimate interest |
| Enforce Terms of Service | Account data, usage data | Legitimate interest |
| Respond to support requests | Account data, workspace content (if shared) | Legitimate interest |
| Comply with legal obligations | Any relevant data | Legal obligation |
We do not use your data for behavioral advertising, profiling, or any automated decision-making that significantly affects you.
4 Third-Party Services
APInexis uses the following third-party services to operate. Each has its own privacy policy:
| Service | Purpose | Data Shared |
|---|---|---|
| Firebase Auth (Google) | Authentication | Email, name, UID |
| Cloud Firestore (Google) | Database — workspace & user data | All workspace content |
| Firebase Cloud Functions (Google) | Mock API handler & backend logic | Request data, workspace config |
| Firebase Hosting (Google) | Web app hosting | IP address, user agent |
| Cloudflare | DDoS protection, CDN, DNS | IP address, request metadata |
| Lemon Squeezy | Payment processing & billing | Email, payment method, purchase history |
| Resend | Transactional email | Email address, email content |
We do not integrate with advertising networks, social media tracking pixels, or analytics platforms that track you across websites.
5 Data Storage & Security
All user data is stored in Google Cloud Firestore in the asia-southeast2 (Jakarta, Indonesia) region. We implement the following security measures:
- Encryption in transit: All data is transmitted over HTTPS/TLS. HTTP connections are redirected to HTTPS.
- Encryption at rest: Firestore encrypts all data at rest by default using AES-256.
- Auth token hashing: Mock API tokens are hashed with SHA-256 before storage. Plaintext tokens are never stored and are only shown once at creation.
- Password hashing: User passwords are hashed using Firebase Auth's secure hashing. We never store plaintext passwords.
- Firestore Security Rules: Access to workspace data is strictly limited to the workspace owner via Firestore Security Rules. No cross-user data access is permitted.
- DDoS protection: All traffic passes through Cloudflare for DDoS mitigation and rate limiting.
- Rate limiting: Mock endpoint requests are rate-limited per workspace with hard stops to prevent abuse.
Despite our security measures, no system is completely secure. We encourage you to use strong passwords and not store real sensitive data on the platform.
6 Data Retention
| Data Type | Retention Period |
|---|---|
| Account data (email, name) | Until account deletion + 30 days |
| Workspace content & collections | Until account deletion + 30 days |
| Request logs (Starter) | 7 days rolling |
| Request logs (Pro) | 30 days rolling |
| Request logs (Free) | Not stored |
| Billing records & invoices | 7 years (tax compliance) |
| Support correspondence | 3 years |
| Aggregated analytics (anonymized) | Indefinite |
When you delete your account, we begin the deletion process immediately. All personal data and workspace content are permanently deleted within 30 days. Billing records are retained as required by law.
7 Cookies & Local Storage
APInexis uses minimal cookies and browser storage:
- Authentication session cookie: Set by Firebase Auth to keep you logged in. This is a strictly necessary cookie — the app cannot function without it. It expires when you log out or after 30 days of inactivity.
- Preference storage: We may store UI preferences (e.g., selected code export platform) in browser localStorage. This data stays on your device and is never sent to our servers.
We do not use advertising cookies, third-party tracking cookies, or analytics cookies. We do not use Google Analytics or any similar tracking service.
You can clear cookies and local storage at any time through your browser settings. Clearing the auth cookie will log you out.
8 Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of all personal data we hold about you.
- Rectification: Correct inaccurate or incomplete personal data. You can update your name and email directly in Account Settings.
- Erasure: Request deletion of your account and all associated data. You can delete your account in Account Settings, or email us at privacy@apinexis.com.
- Portability: Request an export of your workspace data in machine-readable format (JSON). Available via APInexis API (Pro) or by contacting support.
- Restriction: Request that we stop processing your data in certain circumstances.
- Objection: Object to processing based on legitimate interests.
- Opt-out of marketing: Unsubscribe from non-transactional emails at any time via the unsubscribe link in any email, or in Account Settings.
To exercise any right, contact us at privacy@apinexis.com. We will respond within 30 days.
9 Children's Privacy
APInexis is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at privacy@apinexis.com and we will delete the information promptly.
10 International Data Transfers
APInexis is operated from Indonesia and stores data in the Google Cloud asia-southeast2 (Jakarta) region. If you access the Service from outside Indonesia, your data may be processed in Indonesia or in other regions where our third-party service providers operate (including the United States, for Google Cloud and Cloudflare infrastructure).
By using the Service, you consent to the transfer of your data to these locations. We rely on standard contractual clauses and service agreements with our providers to ensure appropriate data protection safeguards are in place for international transfers.
11 Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes that affect how we use your personal data, we will:
- Update the "Last updated" date at the top of this page
- Send an email notification to all registered users at least 14 days before the changes take effect
- Display an in-app notification for active users
Minor clarifications or non-material changes may be made without advance notice. We encourage you to review this page periodically.
12 Contact & Data Controller
APInexis is the data controller for personal data collected through this Service. For any privacy-related questions, requests, or complaints:
- Privacy inquiries: privacy@apinexis.com
- General support: support@apinexis.com
- Website: apinexis.com
We aim to respond to all privacy requests within 30 days. For urgent matters related to data security or suspected unauthorized access, please mark your email as urgent and we will prioritize your request.