Privacy Policy

Last updated: March 27, 2026

1. Introduction

Rebirth API ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website at rebirthapi.com and our API services (collectively, the "Service").

2. Information We Collect

Account Information

  • Email address
  • Password (stored as a bcrypt hash — we never store plain-text passwords)
  • Name and company name (optional)

API Usage Data

  • Which API endpoints you call
  • HTTP status codes and response latency
  • Timestamps of requests
  • API key used (we do not log the content of your requests or our responses)

Technical Data

  • IP address (for rate limiting and abuse prevention)
  • Browser user agent (website visits only)

Payment Information

Payment processing is handled by Stripe. We do not store your credit card number, CVC, or billing address. Stripe's privacy policy governs their handling of your payment data.

3. How We Use Your Information

  • Service delivery: To authenticate you, process API requests, and manage your account.
  • Billing: To track usage for plan limits and generate invoices.
  • Security: To detect abuse, enforce rate limits, and protect the Service.
  • Communication: To send transactional emails (account confirmations, billing receipts, service notices). We will never sell your email or send unsolicited marketing.
  • Improvement: To analyze aggregate usage patterns and improve Service performance and reliability.

4. Data Sharing

We do not sell, rent, or trade your personal information. We share data only with:

  • Stripe: For payment processing.
  • Vercel: Our hosting provider, which processes web requests on our behalf.
  • Law enforcement: Only when required by valid legal process (subpoena, court order).

5. Data Retention

  • Account data is retained while your account is active.
  • Usage logs are retained for 90 days, then automatically purged.
  • Upon account deletion, all personal data is removed within 30 days.
  • Anonymized, aggregate analytics may be retained indefinitely.

6. Data Security

We implement industry-standard security measures including:

  • TLS encryption for all data in transit
  • Bcrypt password hashing with salt
  • API key hashing and secure generation
  • IP-based and per-key rate limiting
  • Principle of least privilege for infrastructure access

For more details, see our Security page.

7. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your account and associated data.
  • Export: Request a machine-readable export of your data.
  • Restriction: Request that we limit processing of your data.

To exercise any of these rights, email support@rebirthapi.com.

8. Cookies

We use a single essential cookie (rb_token) to maintain your authenticated session on the dashboard. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn we have collected data from a child under 18, we will delete it promptly.

10. International Data Transfers

Our Service is hosted in the United States. If you access the Service from outside the US, your data may be transferred to and processed in the US. By using the Service, you consent to this transfer.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on our website. The "Last updated" date at the top reflects the most recent revision.

12. Contact

For privacy-related questions or requests, contact us at support@rebirthapi.com.