Privacy Policy

API Butler is a SaaS platform that turns CSV files into live APIs. Users can upload data, manage API access, and integrate with their applications. As part of operating this service, we process certain personal data. We are committed to handling it responsibly and in compliance with the EU General Data Protection Regulation (GDPR).

We collect the following categories of data:

• Account data — name and email address provided at registration
• Uploaded CSV data — files you upload to generate APIs
• API usage data — request counts, endpoints accessed, timestamps
• Payment data — billing details processed via Stripe (we do not store card numbers)
• Communication data — messages sent to support or via email

We use your data to:

• Operate and maintain the API Butler service
• Process payments and manage subscriptions
• Send transactional emails (account confirmations, billing receipts, security alerts)
• Respond to support requests
• Monitor usage for plan limits and enforce fair use
• Detect and prevent abuse or unauthorized access

API Butler is built on a set of specialized infrastructure providers. These providers process data on our behalf to operate the service:

• Fly.io — hosts the backend API (Python / FastAPI)
• Vercel — hosts the frontend application
• Cloudflare / R2 — CDN, DDoS protection, and object storage for uploaded CSV files
• Neon — managed PostgreSQL database storing account and usage data

All providers are bound by data processing agreements and apply appropriate technical and organizational security measures.

Payments are processed by Stripe, Inc. When you subscribe or purchase a plan, your billing information is transmitted directly to Stripe. We do not store credit card numbers or full payment details on our servers.

Stripe's handling of your payment data is governed by their own privacy policy. For details, refer to the Stripe Privacy Policy at stripe.com.

Transactional emails — including account confirmations, billing notifications, and security alerts — are sent via Resend. Your email address is transmitted to Resend solely for the purpose of delivering these messages. We do not send marketing emails without your explicit consent.

We use Umami for website analytics. Umami is a privacy-first analytics tool with the following properties:

• No cookies are set
• No personal data is collected or stored
• Usage data is fully anonymized
• Umami is self-hosted on DigitalOcean infrastructure in the EU

Because no personal data is processed and no cookies are used, no consent banner is required for analytics.

When you or your users call an API endpoint generated by API Butler, we log the following data:

• IP address (anonymized where technically possible)
• Request metadata (endpoint, method, timestamp, response status)
• Usage counts per account and API key

This data is used exclusively to enforce plan limits, detect abuse, and ensure service reliability. It is not shared with third parties beyond our infrastructure providers.

We retain your personal data for as long as your account is active or as necessary to provide the service. If you request deletion of your account, we will delete your data unless we are required to retain it to comply with legal obligations (e.g., tax or financial records).

Under the GDPR, you have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you
• Correction — request correction of inaccurate or incomplete data
• Deletion — request erasure of your personal data
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests

To exercise any of these rights, use our contact form . We will respond within 30 days.

Some of our infrastructure providers (e.g., Fly.io, Stripe, Vercel) may process data in countries outside the European Economic Area (EEA). Where this is the case, we ensure that appropriate safeguards are in place — including Standard Contractual Clauses (SCCs) approved by the European Commission — to protect your data in accordance with GDPR requirements.

If you have questions or concerns about this Privacy Policy or about how we handle your data, please contact us:

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.