Privacy Policy

1. Introduction

API Stronghold (Service) is a secure platform owned and operated by Venerite Enterprises, LLC (Venerite, we, our, us) that enables users to store, manage, and rotate API credentials for web services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service or visit our website at apistronghold.com. By using the Service, you agree to the practices described in this Policy.

2. Information We Collect

• Account Information: Name, email address, organization name, billing details, and authentication credentials.
• Service Data: API keys, secret tokens, and endpoint metadata that you choose to store in the Service. API keys are encrypted using AES‑256 at rest and protected by TLS 1.3 in transit.
• Usage Data: Log files, IP address, device information, browser type, and actions performed within the Service (e.g., key creation, rotation, deletion).
• Cookies & Tracking Technologies: Cookies and similar technologies to maintain sessions and improve user experience.

3. How We Use Information

• To provide, operate, and maintain the Service.
• To process transactions and manage subscriptions.
• To monitor and enhance security, including intrusion detection and fraud prevention.
• To develop new features, conduct research, and improve performance.
• To communicate with you about updates, security alerts, and administrative messages.
• To comply with legal obligations and enforce our Terms of Service.

4. Legal Basis for Processing

Where required by applicable law (e.g., GDPR), we process Personal Data on the following legal bases: (i) performance of a contract; (ii) legitimate interests; (iii) compliance with a legal obligation; or (iv) your consent.

5. Sharing & Disclosure

• Service Providers: Third‑party vendors that assist with hosting, customer support, analytics, or payment processing and who are bound by confidentiality obligations.
• Legal Compliance: To satisfy any applicable law, regulation, legal process, or governmental request.
• Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, provided the recipient agrees to honor this Privacy Policy.

6. Data Security

We employ industry‑standard safeguards to protect information, including zero‑knowledge encryption of API keys, least‑privilege access controls, and 24 / 7 monitoring.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. You may delete API keys at any time, after which they are purged from all backups within 30 days.

8. International Transfers

We store and process data in the United States. If you access the Service from outside the U.S., you consent to the transfer of your information to the U.S. and the application of U.S. laws.

9. Your Rights & Choices

• Access, correct, or delete Personal Data via your account settings.
• Opt out of marketing communications at any time.
• If you are in the EEA/UK, exercise your GDPR rights by contacting us (see Section 13).
• California residents may request disclosure or deletion of Personal Information pursuant to the CCPA/CPRA.

10. Third‑Party Services

The Service may contain links to or integrations with third‑party services. We are not responsible for the privacy practices of those services; please review their policies independently.

11. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect Personal Data from children. If you believe a child has provided us with Personal Data, please contact us, and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by emailing the address associated with your account or by posting a notice in the Service. Changes are effective when posted.