1. Introduction
Welcome to quota.sh ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our API quota monitoring service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Name (optional)
- OAuth provider information (if using Google/GitHub login)
- Account creation date
2.2 API Keys and Monitoring Data
To provide our service, we collect and store:
- API keys from third-party providers (encrypted with AES-256-CBC)
- API provider names and labels you assign
- Balance information retrieved from your API providers
- Alert thresholds you configure
- Historical balance data
- Alert history
2.3 Billing Information
For paid subscriptions (Pro plan), we collect:
- Billing name and address
- Company name (if applicable)
- Tax ID / VAT number (if applicable)
- Payment information (processed securely by Stripe - we do not store credit card details)
- Billing history and invoices
Note: Payment card details are handled directly by Stripe and never stored on our servers.
2.4 Notification Settings
If you configure notifications, we store:
- Email addresses for alerts
- Webhook URLs (Slack, Discord, Telegram, etc.)
- Notification preferences
2.5 Usage Data
We automatically collect:
- Log data (IP address, browser type, pages visited)
- Device information
- Error logs and diagnostics
3. How We Use Your Information
We use your information to:
- Provide and maintain our API monitoring service
- Check your API balances at configured intervals
- Send you alerts when balances fall below thresholds
- Process payments and manage subscriptions (via Stripe)
- Generate invoices with your billing information
- Communicate with you about service updates and billing
- Improve our service and develop new features
- Detect and prevent fraud or abuse
- Comply with legal and tax obligations
4. Data Security
We implement industry-standard security measures:
- API keys are encrypted using AES-256-CBC
- All data transmission uses HTTPS/TLS encryption
- Passwordless authentication via magic links and OAuth
- Database access is restricted and monitored
- Regular security audits and updates
However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
5. Data Retention
We retain your data as follows:
- Free Plan: Balance history and alert history are retained for 1 month
- Pro Plan: Balance history and alert history are retained for 1 year
- Account Data: Retained until you delete your account
- API Keys: Retained until you delete them or your account
- Billing Information: Retained for 5 years for tax and accounting purposes, even after account deletion
- Invoices: Retained for 5 years as required by law
Older monitoring data is automatically deleted according to your plan's retention policy. Billing records are retained longer to comply with tax regulations.
6. Data Sharing and Disclosure
We do not sell your personal data. We may share your information only in these circumstances:
- Payment Processing: Stripe processes payment information and billing data for subscriptions. See Stripe's Privacy Policy.
- Service Providers: We use third-party services that process data on our behalf
- Tax Authorities: We may share billing information with tax authorities as required by law
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In connection with a merger, acquisition, or sale of assets
We never share your API keys or balance information with third parties except as necessary to provide the service.
7. Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update or correct your information (including billing details)
- Deletion: Request deletion of your account and data (billing records retained for legal compliance)
- Export: Export your monitoring data in a portable format
- Opt-out: Unsubscribe from marketing communications
- Billing Records: Request copies of invoices and billing history
To exercise these rights, contact us at support@quota.sh. Note that billing information may be retained for tax compliance even after account deletion.
8. Cookies and Tracking
We use cookies and similar technologies for:
- Authentication and session management
- Remembering your preferences
- Analytics to improve our service
You can control cookies through your browser settings, but some features may not work properly if cookies are disabled.
9. Third-Party Services
Our service integrates with:
- Supabase: Database and authentication
- Resend: Email delivery
- Stripe: Payment processing (Pro plan)
- Sentry: Error tracking
These services have their own privacy policies. We recommend reviewing them.
10. International Data Transfers
Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy.
11. Children's Privacy
Our service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
12. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes by email or through our service. The "Last updated" date at the top indicates when the policy was last revised.
13. Contact Us
If you have questions about this privacy policy or our data practices, contact us at: