This Policy describes what data SECStream ("we") collects when you use sec-filing-api.com and the SECStream API.
1. Data we collect
- Account data: email address and a hashed password (we never see your plaintext password).
- Billing data: Stripe customer ID and subscription status. Card details are handled and stored by Stripe — we never see them.
- Usage logs: timestamp, endpoint, response status, and latency for each API call, used for rate limiting, debugging, and billing.
- IP address: recorded transiently for abuse prevention and rate limiting.
2. How we use it
- Operating, securing, and improving the Service.
- Enforcing rate limits and detecting abuse.
- Sending account, billing, and security email.
We do not sell your data and we do not show ads.
3. Sub-processors
- Supabase — authentication and database hosting.
- Stripe — payment processing and billing.
- Cloudflare — DNS, CDN, and DDoS protection.
4. Retention
Account data is kept while your account is active. Usage logs are retained for 90 days and then aggregated or deleted. You can request account deletion at any time.
5. Your rights (GDPR / CCPA)
You may request access, correction, export, or deletion of your personal data by emailing privacy@sec-filing-api.com. We respond within 30 days.
6. Security
Data is encrypted in transit (TLS) and at rest. API keys are stored hashed (SHA-256); we cannot recover a lost key — you must generate a new one.
7. Contact
Questions: privacy@sec-filing-api.com