Privacy Policy

1. Introduction

Welcome to ChinookAPI ("Company", "we", "us", or "our"). Your privacy is of utmost importance to us, and we are committed to protecting your personal data, ensuring compliance with GDPR (General Data Protection Regulation), Dutch privacy laws, and other applicable regulations.

This Privacy Policy explains:

• What data we collect and why.
• How we use, process, and protect your data.
• Your rights under applicable privacy laws.

By using ChinookAPI, you agree to the collection and processing of your information as outlined in this Privacy Policy. If you disagree, you should discontinue using our services immediately.

2. Scope & Applicability

This Privacy Policy applies to:

• ✓All users of ChinookAPI, including developers, businesses, and API consumers.
• ✓All personal and non-personal data collected through our API platform, website, and related services.
• ✓Any third-party integrations that process user data in connection with ChinookAPI.

This Privacy Policy does not apply to third-party services used alongside ChinookAPI (e.g., cloud providers like AWS or payment processors like Stripe). Users should review those services' respective privacy policies.

3. What Data We Collect

We collect different types of personal and non-personal information depending on how you interact with ChinookAPI.

3.1. Personal Data You Provide Directly

• ✓Account Information: Name, email, company details, and hashed password.
• ✓Billing Information: Payment details processed by Stripe/PayPal (ChinookAPI does not store credit card details).
• ✓Support Requests: Emails, messages, or live chat logs.

3.2. Automatically Collected Data

• ✓API Usage Logs: IP addresses, timestamps, authentication tokens, request metadata.
• ✓Device & Browser Data: OS type, browser type, session duration.
• ✓Cookies & Tracking Data: See our Cookie Policy for full details.

3.3. Data From Third Parties

• ✓Payment Processors: We receive transaction confirmations but no raw payment details.
• ✓OAuth Authentication Providers (Google, GitHub, etc.): If you log in via an external provider, we collect your email and profile name.

4. Why We Collect Your Data

We only process your data for legitimate business and legal reasons, including:

• 1To deliver API services – Authentication, request processing, and resource management.
• 2To manage accounts & security – Protecting against unauthorized access and fraud.
• 3To process payments – Handling transactions, invoicing, and tax compliance.
• 4To improve our platform – Analyzing API performance and user behavior.
• 5To comply with legal obligations – Preventing fraud, abuse, and ensuring regulatory compliance.

5. Legal Basis for Processing Data (GDPR Compliance)

Under GDPR, we must have a legal basis for processing personal data. Our legal bases include:

• ✓Performance of Contract: We process your data to provide ChinookAPI services.
• ✓Legitimate Interest: We analyze usage data to improve service reliability.
• ✓Legal Obligation: We retain billing data for tax compliance.
• ✓Consent: If required, we request explicit consent (e.g., marketing emails).

6. How We Share Your Data

We never sell personal data but may share information in the following cases:

6.1. Service Providers & Partners

• ✓Cloud Infrastructure (AWS, DigitalOcean, Google Cloud): For API hosting.
• ✓Payment Processors (Stripe, PayPal): To process transactions.
• ✓Analytics Tools (Google Analytics, Matomo): To understand usage patterns.

6.2. Legal & Compliance Obligations

We may disclose data if required by law (e.g., fraud investigations, government requests, or court orders).

6.3. International Data Transfers

If we transfer your data outside the European Economic Area (EEA), we ensure compliance with GDPR via:

• ✓Standard Contractual Clauses (SCCs)
• ✓Data Processing Agreements (DPAs)

7. Your Rights Under GDPR

Under GDPR, you have the following rights:

• 🔹Right to Access – Request a copy of your data.
• 🔹Right to Rectification – Correct inaccurate information.
• 🔹Right to Erasure ("Right to be Forgotten") – Delete your account and associated data.
• 🔹Right to Restriction – Temporarily limit data processing.
• 🔹Right to Data Portability – Receive your data in a structured format.
• 🔹Right to Object – Object to data processing (e.g., analytics, marketing).

You can exercise these rights by contacting hello@chinookapi.com.

8. How We Protect Your Data

We implement strict security measures to prevent unauthorized access or breaches:

• 🔐Encryption: All stored data is encrypted using AES-256.
• 🔐API Security: API keys are securely hashed and stored.
• 🔐Access Controls: Role-based permissions restrict access to sensitive data.
• 🔐Security Audits: Regular penetration testing to detect vulnerabilities.

9. Data Retention & Deletion

We retain your data only as long as necessary for legal, operational, and security purposes:

• ✓Account Data: Deleted 30 days after account closure.
• ✓API Logs: Stored for 12 months for security audits.
• ✓Billing Data: Retained for 7 years (Dutch tax law requirement).

Users can request early deletion by contacting hello@chinookapi.com.

10. Cookies & Tracking

We use cookies for essential functionality. You can opt out of non-essential cookies via your browser settings.

• ✓Essential Cookies: Required for login and session security.
• ✓Analytics Cookies: Track API performance (opt-out available).
• ✓Marketing Cookies: Used for remarketing (enabled only with consent).

For full details, see our Cookie Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect regulatory changes or service improvements. Any major changes will be communicated via email or dashboard notification.

12. Contact Information

For questions about this Privacy Policy or data requests, contact:

📧 Email: hello@chinookapi.com
📍 Company Name: ChinookAPI