[PLACEHOLDER] markers. Final wording will be confirmed by counsel before public release.Privacy Policy
Effective date: 2026-05-01 · Version: v1.0-beta
This Privacy Policy explains how Novpix LLC ("we", "us") collects, uses, and protects personal data when you use the powapi service.
1. Who we are
Data controller: Novpix LLC, 131 Continental Dr Suite 305, Newark, DE 19713, US. Privacy contact: privacy@powapi.io.
2. Data we collect
| Category | Examples | Why |
|---|---|---|
| Account | email address, hashed password | sign-in, billing notifications |
| Billing | Stripe customer ID, last 4 digits of card (held by Stripe) | payment processing |
| Usage logs | request timestamps, endpoint, model, token counts, latency, status code | rate-limiting, billing accuracy, abuse detection |
| Prompts and completions | the actual content of your API requests and responses | only as needed to operate the gateway; not retained for training |
| Technical | IP address, user-agent, locale | abuse detection, language preference |
We do not buy or rent contact lists, and we do not enrich your data from third-party data brokers.
3. Legal basis (GDPR / UK GDPR)
We process personal data on the following legal bases:
- Article 6(1)(b) — performance of a contract: to deliver the Service you signed up for.
- Article 6(1)(f) — legitimate interest: for fraud prevention, security, and product improvement, where your rights do not override ours.
- Article 6(1)(c) — legal obligation: for tax, accounting, and law-enforcement requests.
- Article 6(1)(a) — consent: for analytics and marketing cookies (off by default; you may withdraw consent any time).
4. How long we keep it
| Data | Retention |
|---|---|
| Prompts and completions | not retained beyond the request lifecycle (the request body is dropped immediately after the response is delivered) |
| Usage logs (aggregate counters) | 90 days |
| Billing records | 7 years (tax obligation) |
| Account data | until account deletion |
5. Sub-processors
We share personal data with the following sub-processors strictly to operate the Service:
- Stripe, Inc. — payment processing
- Postmark / ActiveCampaign — transactional email (magic-link sign-in, billing notices)
- Hetzner Online GmbH — primary hosting (EU)
- Anthropic / DeepSeek — language-model providers; we forward your prompt content to whichever provider serves your request
A current list is published in our DPA. We update it when a sub-processor is added or replaced.
6. International transfers
Some sub-processors are located outside the EU/EEA (e.g. Stripe in the US). Where required, we rely on the European Commission's Standard Contractual Clauses, supplemented by additional safeguards.
7. Your rights
Under GDPR, UK GDPR, and KVKK (where applicable), you have the right to:
- access the personal data we hold about you;
- rectify inaccurate data;
- erase your account and associated data ("right to be forgotten"), subject to legal retention obligations;
- restrict or object to processing;
- port your data to another service;
- withdraw consent at any time;
- lodge a complaint with your supervisory authority.
To exercise any of these, email privacy@powapi.io. We respond within 30 days.
8. Security
- API keys are stored only as SHA-256 hashes; we cannot recover lost keys.
- Passwords are hashed using a memory-hard algorithm (Argon2id).
- All traffic is served over TLS 1.2+.
- Production access is limited to a small set of named personnel under MFA.
If we ever suffer a data breach affecting your data, we will notify you and the relevant authority within 72 hours of becoming aware, in line with GDPR Art. 33–34.
9. Children
The Service is not directed to children under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it.
10. Changes
We may update this Policy. Material changes will be announced at least 14 days in advance via email and the panel.
11. Contact
Privacy questions: privacy@powapi.io. General contact: legal@powapi.io. Novpix LLC, 131 Continental Dr Suite 305, Newark, DE 19713, US.