Privacy Policy

Introduction

We at G8KEPR are committed to protecting your privacy. This Privacy Policy explains our data handling practices and safeguards when you use our service. We comply with applicable privacy regulations worldwide.

Information We Collect

Account Information

When you create a G8KEPR account, the following information is gathered:

Email address
Full name
Organization name
Password (encrypted with bcrypt)

Usage Data

To provide and improve our service, the following data is gathered:

API request logs (endpoints, methods, response times, status codes)
Security event logs (blocked threats, rate limit violations)
Usage metrics (requests per day, quota usage)
Browser and device information
IP addresses (for security and fraud prevention)

How We Use Your Information

Your information is used to:

Provide our service: Process API requests, enforce rate limits, detect threats
Billing: Process payments and send invoices
Security: Detect fraud, prevent abuse, and respond to security incidents
Improvement: Analyze usage patterns to improve performance and features
Compliance: Meet legal and regulatory requirements under applicable law

Information Sharing

We do not sell your data. We only share data with:

Service providers: Stripe (payments), AWS/DigitalOcean (hosting)
Law enforcement: Only when legally required by valid court order
Business transfers: In the event of a merger or acquisition (you'll be notified)

Data Security

We implement industry-standard security measures to protect your data:

Encryption

TLS 1.3 for data in transit, AES-256 for data at rest

Authentication

JWT tokens with 15-min expiry, secure password hashing

Infrastructure

Hosted on SOC 2 aligned cloud providers

Monitoring

24/7 security monitoring and intrusion detection

Data Retention

Account data: Retained while your account is active
API logs: Retained for 90 days
Security logs: Retained for 1 year for compliance purposes
Billing records: Retained for 7 years per tax regulations

Your Rights

You have the following rights regarding your personal data:

Access: Request a copy of your data
Correction: Update incorrect or incomplete data
Deletion: Request deletion of your data (right to be forgotten)
Portability: Export your data in machine-readable format
Objection: Opt out of marketing communications

GDPR

EU residents have additional rights and protections under European data protection law.

CCPA

California residents have specific rights regarding their personal information under California law.

Cookies and Tracking

Essential cookies are used to:

Maintain your login session
Remember your preferences
Prevent fraud and abuse

We do not use third-party advertising or tracking cookies.

International Data Transfers

Your data may be transferred to and processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

Children's Privacy

G8KEPR is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, please notify our privacy team immediately.

Third-Party Services

We partner with carefully selected vendors to operate G8KEPR. These partners may collect data according to their own privacy policies. Our main vendors include Stripe for payment processing and AWS/DigitalOcean for hosting infrastructure.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes via email or dashboard notification. Continued use of our service after changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this privacy policy, please reach out:

Email: privacy@g8kepr.com

Data Protection Officer: dpo@g8kepr.com

Mail: G8KEPR Privacy Team

Quick Summary