Privacy Policy

Who we are

Apixies is operated by Bugra Ergin, based in Switzerland. We provide a developer API suite with 39+ utility micro-APIs. This policy explains what personal data we collect, why, and what rights you have.

We aim to collect only what we need and to be transparent about it. If anything here is unclear, reach out to us at .

What data we collect

Account information

When you create an account, we collect your name, email address, and a password (stored as a one-way hash — we never store or see your plain-text password). Your email is used for account verification, password resets, and important service notifications.

API keys

When you generate an API key, we store a hashed version of the key along with a name you choose, creation timestamp, and last-used timestamp. Temporary API keys and sandbox tokens are linked to your IP address and have built-in expiration.

API usage logs

Each API request is logged with: the endpoint called, your user ID (if authenticated), IP address, user agent, and timestamp. We use these logs for rate limiting, abuse prevention, usage analytics, and debugging. Sensitive fields (passwords, tokens, secrets) are automatically redacted from logs.

Community ideas

If you submit a suggestion on the Community Ideas board, we store the content you submit along with your IP address (for vote deduplication and spam prevention).

Cookies

We use essential cookies required for the site to function, plus one cookie to remember your analytics preference. Analytics cookies from Google are only set if you accept them via the consent banner.

If you accept analytics cookies, Google Analytics will set additional cookies (e.g. _ga, _ga_*) to distinguish unique visitors. These are only loaded after you give explicit consent. You can change your preference at any time by clearing your browser cookies.

Third-party services

We use a small number of third-party services. Here's exactly what they are and why:

• Bunny Fonts (fonts.bunny.net) — serves the Figtree typeface used on this site. Bunny Fonts is a privacy-focused, GDPR-compliant alternative to Google Fonts. It does not track users or set cookies.
• Google Analytics — we use Google Analytics (GA4) to understand how visitors use the site (page views, referrers, general geographic region). Google Analytics is only loaded after you give explicit consent via the cookie banner. If you decline, no analytics scripts are loaded and no data is sent to Google. IP addresses are anonymized. Google processes data per Google's privacy policy.
• Cloudflare Turnstile (optional) — if enabled, used on forms to distinguish real users from bots. Cloudflare processes limited data per their privacy policy.
• Email delivery — we use a transactional email service to send account verification emails, password reset links, and service notifications. This service processes your email address solely to deliver messages on our behalf.

How we use your data

• To provide and maintain the API service
• To authenticate your requests and manage your account
• To enforce rate limits and prevent abuse
• To send essential emails (verification, password resets, service updates)
• To improve the service based on aggregated usage patterns
• To comply with legal obligations

We do not sell your personal data. We do not use your data for advertising. We do not share your data with third parties except as described in this policy.

Data retention

• Account data — retained while your account is active. If you deactivate your account, we soft-delete your data and permanently remove it after 30 days.
• API usage logs — retained for up to 90 days, then automatically purged.
• Temporary API keys — automatically expire and are cleaned up after their configured lifetime (default: 7 days).
• Sandbox tokens — short-lived and automatically expire.

Data security

We take reasonable measures to protect your data, including:

• Passwords are hashed using bcrypt (one-way, irreversible)
• API keys are stored as hashed values
• All connections are encrypted via HTTPS (HSTS enforced)
• Security headers (CSP, X-Frame-Options, X-Content-Type-Options) are set on all responses
• Sensitive fields are automatically redacted from logs
• SSRF protection prevents internal network access from API endpoints

Your rights

Under the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nDSG), you have the following rights:

• Access — request a copy of the personal data we hold about you
• Rectification — correct inaccurate data (you can update your name and email in Account Settings)
• Deletion — request deletion of your account and associated data (available in Account Settings, or by contacting us)
• Data portability — request your data in a structured, machine-readable format
• Restriction — request that we limit how we process your data
• Objection — object to processing based on legitimate interests

To exercise any of these rights, email . We will respond within 30 days.

Legal basis for processing

• Contract performance — processing your account and API key data is necessary to provide the service you signed up for.
• Legitimate interests — usage logging and rate limiting protect the service and all users from abuse.
• Consent — where applicable (e.g., optional analytics), you can withdraw consent at any time.
• Legal obligation — we may process data as required by law.

Children's privacy

Apixies is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can remove it.

Changes to this policy

We may update this policy from time to time. If we make significant changes, we'll note the new date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact

For any privacy-related questions or data requests:

Bugra Ergin
Apixies
Switzerland