Privacy Policy

1. What We Store

Sprime stores the following data in Google Cloud Firestore:

• Account data: Email address, API key, plan type, account creation date. For paid plan users: Stripe customer ID (no credit card data is stored by Sprime).
• Usage data: Daily request counts per API key for rate limiting and billing.
• Webhook data (Pro plan): Webhook URLs, trigger conditions, HMAC secrets, delivery timestamps, and failure counts.

2. How We Handle IP Addresses

IP addresses are used in the following ways:

• Signup rate limiting: Your IP is held temporarily in server memory (not persisted to disk) to prevent signup abuse. It is not written to any database or log file by our application.
• Auto-location weather (/v1/weather/auto): Your IP is sent to ipapi.co to determine your approximate location. We do not store the IP or the geolocation result.
• IP Lookup (/v1/ip-lookup): If you query this endpoint, the target IP is sent to ipwho.is for geolocation. Results are cached in server memory for 24 hours, then discarded.
• Platform logs: Google Cloud Run may log request metadata including IP addresses in its default infrastructure logs. We do not actively collect or analyze these logs.

3. Third-Party Data Processors and Upstreams

Your requests may cause data to be sent to these third-party services:

• Stripe: Payment processing and subscription management. When you subscribe to a paid plan, you are redirected to Stripe's hosted checkout page. We do not see, store, or process your credit card details. Stripe provides us with your subscription status and customer ID only.
• SendGrid: Email delivery for API key distribution and service updates.
• Google Cloud: Hosting (Cloud Run), database (Firestore), and secret storage (Secret Manager).

API data is sourced from upstream providers. When you make an API call, your request parameters (not your identity) may be forwarded to:

• Open-Meteo: Weather, air quality, and geocoding data.
• CoinGecko: Cryptocurrency price and market data.
• NewsAPI: News headlines and articles.
• Frankfurter (ECB): Foreign exchange rates.
• World Time API: Timezone and current time data.
• ipwho.is: IP geolocation data.
• Nager.Date: Public holiday data.
• ipapi.co: IP-to-location for auto-weather only.

4. Client-Side Storage

The Sprime dashboard stores your API key in your browser's localStorage so you don't have to re-enter it on each visit. This data never leaves your browser unless you make an API call. You can clear it at any time through your browser settings.

5. Data Retention

Account data (email, API key, plan) is retained for as long as your account is active. Usage counts are stored indefinitely for billing accuracy. Webhook data is retained until you delete the webhook or your account. We do not currently implement automatic data expiration or anonymization.

6. Your Rights

You may request access to, correction of, or deletion of your personal data by contacting support@sprime.us. There is no self-service deletion mechanism at this time. Upon request, we will revoke your API key and delete your account data, usage records, and webhook configurations from Firestore. If you have a paid subscription, you must cancel it through Stripe before requesting deletion. Platform infrastructure logs controlled by Google Cloud are subject to Google's retention policies.