Privacy

Privacy Policy

A clear account of the personal data needed to operate ApiCredits, complete payments, route requests and protect the platform.

Effective 15 July 2026Last updated 15 July 2026Hong Kong

Plain-language summary: We collect the minimum data reasonably needed to run accounts, payments, API routing and support. Marketing measurement requires a separate choice. API content may be processed by the selected upstream route, so sensitive workloads need a route-specific assessment.

1. Scope and data user

This Privacy Policy explains how ApiCredits collects, holds, processes, uses and discloses personal data when you use our website, dashboard, checkout, support channels and API gateway.

For data handled through the Service, ApiCredits acts as the data user responsible for deciding why and how that data is processed. ApiCredits is based in Kowloon Bay, Hong Kong.

2. Data we collect

  • Account and contact data: email address, account identifiers and information you provide to support.
  • Transaction data: selected plan, amount, currency, payment method, provider references, status, refund and chargeback information. Payment providers process full payment credentials.
  • Technical data: IP address, device and browser data, timestamps, security events, API key identifiers, request routing, token usage, model selection and diagnostic logs.
  • Campaign data: landing page, UTM parameters, fbclid, and Meta identifiers when marketing measurement is permitted.
  • Communications: messages, attachments and other information sent through support or a volume request.

3. API request and response content

Request and response content may pass through ApiCredits systems and selected upstream services so the request can be routed, generated, secured, metered and troubleshot. Provider-specific processing and retention rules may differ by route.

Do not submit secrets, regulated records or highly sensitive personal data unless you have assessed the selected route and have a lawful basis and appropriate safeguards. Contact support before deploying a regulated or confidentiality-sensitive workload.

4. Why we use data

  • create and secure accounts, wallets and API keys;
  • process, confirm and reconcile payments and refunds;
  • route API requests and calculate model-specific usage;
  • provide support, investigate errors and communicate service notices;
  • prevent fraud, abuse, chargebacks and security incidents;
  • meet accounting, legal and regulatory obligations;
  • measure marketing performance only where required permission has been given.

5. When data is shared

We may share only the data reasonably needed with:

  • payment processors and fraud-prevention providers;
  • hosting, database, email, monitoring and support providers;
  • upstream model and routing providers selected for your request;
  • analytics and advertising providers where marketing consent permits;
  • professional advisers, courts, regulators or authorities where legally required or necessary to protect rights and safety;
  • a successor in a merger, financing, acquisition or sale, subject to appropriate confidentiality and data protection measures.

We do not sell personal data as a standalone commercial product.

6. Cookies, local storage and advertising measurement

Essential storage supports login, cart, locale, security and checkout continuity. Session storage may retain campaign parameters during a visit. Your marketing preference is stored locally in your browser.

Meta Pixel and related measurement identifiers are activated only after you select Allow in the marketing privacy choice. Selecting Decline does not change product pricing or checkout access. Browser settings can also remove stored data, although doing so may sign you out or reset preferences.

7. International data transfers

Providers and infrastructure may operate outside Hong Kong. Where data is transferred across borders, we use contractual, technical and organisational measures intended to protect it consistently with this Policy and applicable data protection requirements.

8. Retention

We retain personal data only for as long as reasonably needed for the purposes above, including account operation, security, dispute handling, payment reconciliation and legal recordkeeping. Retention varies by data type, payment provider, selected model route and legal obligation. Data no longer required is deleted, anonymised or isolated from routine use where reasonably practicable.

9. Security

We use access controls, credential protection, server-side payment verification, logging and other reasonable safeguards. No online system is completely secure. You must protect your account email and API keys and report suspected compromise promptly.

10. Access, correction and other requests

Subject to applicable law, you may request access to or correction of your personal data and may ask questions about retention, deletion or processing. We may need to verify identity and may retain information required for security, accounting, disputes or law.

Send a request to the Data Protection Contact, ApiCreditsthrough support. Include the account email and enough information to identify the relevant data, but never send an API key or payment credential in a message.

11. Direct marketing

We will obtain the required consent before using personal data for direct marketing. You may withdraw consent or opt out at any time at no cost through the method in the message or by contacting support. Operational, security and transaction messages are not promotional marketing.

12. Children

The Service is intended for adults and business users. We do not knowingly collect personal data from children under 18. Contact support if you believe a child has provided data to us.

13. Changes to this Policy

We may update this Policy when our product, providers or legal obligations change. The date at the top identifies the current version. Material changes will be communicated where reasonably practicable.

ApiCredits is based in Kowloon Bay, Hong Kong.