Privacy Policy

Last updated: 25 April 2026

1. Who we are

apimie (“we”, “us”, “our”) operates the website apimie.com and the associated API services. For data protection purposes, apimie is the data controller. You can reach us at apimie.com/contact.

2. What data we collect

  • Account data: name, email address, password (hashed with PBKDF2), company, website — provided voluntarily at registration.
  • API keys: label, purpose, tier, status, creation and revocation timestamps.
  • Usage data: daily chat request counts, keyed to your user ID or an anonymous session cookie.
  • Contact messages: name, email, topic, and message body submitted via the contact form.
  • IP address hash: a one-way SHA-256 hash of your IP address, used solely for anonymous rate-limiting. The original IP is never stored.
  • Referral data: email of referred users and conversion status, if you use or are referred via a referral link.

3. Legal basis and purposes

We process personal data under the following legal bases (GDPR Art. 6):

  • Contract performance (Art. 6.1.b): to create and manage your account, provide API access, and process payments.
  • Legitimate interests (Art. 6.1.f): to prevent abuse, enforce rate limits, and protect our service from fraud.
  • Consent (Art. 6.1.a): for optional email communications (whale digest, product updates) — you can withdraw at any time.

4. Data retention

  • Account data is retained until you delete your account.
  • Session tokens expire after 30 days.
  • Password reset tokens expire after 1 hour.
  • Daily usage counters are retained for 90 days then deleted.
  • Contact messages are retained for 12 months.

5. Third parties

  • Cloudflare Pages + D1: hosting and database. Data is processed in Cloudflare's EU/US infrastructure.
  • Apify: the Polymarket whale-tracker actor runs on Apify's platform. No personal data is shared with Apify.
  • ZeptoMail (Zoho): transactional email delivery. Your email address is transmitted to send account-related emails.
  • Mistral AI: AI inference for chat responses. Only the anonymised data context (wallet addresses, volumes) is sent — no personal user data.

We do not sell your personal data.

6. Your rights (GDPR)

If you are in the EU/EEA, you have the following rights:

  • Access: request a copy of your personal data.
  • Rectification: correct inaccurate data via your profile settings.
  • Erasure: delete your account and all associated data from your profile page.
  • Restriction / Objection: contact us to restrict or object to processing.
  • Portability: request your data in a machine-readable format.
  • Complaint: lodge a complaint with your local data protection authority (e.g. Garante Privacy in Italy).

To exercise any right, contact us. We respond within 30 days.

7. Cookies

We use strictly necessary cookies only: a session cookie (session_token) for authentication, and an anonymous ID cookie (anon_id) for rate-limiting anonymous chat usage. No tracking or advertising cookies are used.

8. Changes to this policy

We may update this policy. Material changes will be notified by email or via a banner on the site. The “last updated” date at the top of this page indicates the most recent revision.

9. Contact

For any privacy-related questions or requests: apimie.com/contact