Skip to content

Privacy Policy

Data Controller

APIDLY LTD ("Apidly", "we", "us", "our") is the data controller responsible for your personal data.

  • Company Name: APIDLY LTD
  • Company Number: 17042735
  • Registered Address: 82A James Carter Road, Mildenhall, Suffolk IP28 7DE, United Kingdom
  • Email: privacy@apidly.com

Data We Collect

We collect and process the following categories of personal data:

Account Data

When you create an account, we collect your name, email address, and authentication credentials managed through our identity provider (Clerk).

Usage Data

We automatically collect information about how you interact with our platform, including pages visited, features used, session duration, browser type, device information, and IP address.

Payment Data

When you subscribe to a paid plan, payment processing is primarily handled by Paddle.com Market Limited ("Paddle"), our Merchant of Record, which processes all payments, invoices, and tax compliance. Some transactions may also be processed by Stripe. We do not store your full credit card number. We retain transaction identifiers, billing address, and subscription details.

Generated Content Data

When you use our tools to generate legal documents, privacy policies, or other content, we process the information you provide as inputs and store the generated outputs associated with your account.

Communication Data

When you contact us via email or support channels, we collect the content of your communications and any attachments.

Legal Bases for Processing (GDPR)

We process personal data under the following legal bases:

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide our services, manage your account, and fulfil subscriptions.
  • Legitimate Interests (Art. 6(1)(f)): Analytics, fraud prevention, platform security, and service improvement.
  • Consent (Art. 6(1)(a)): Marketing communications and non-essential cookies. You may withdraw consent at any time.
  • Legal Obligation (Art. 6(1)(c)): Compliance with tax, accounting, and regulatory requirements.

How We Use Your Data

  • To provide, maintain, and improve our platform and services
  • To process transactions and manage subscriptions
  • To send transactional emails (account confirmations, receipts, service updates)
  • To send marketing communications (with your consent)
  • To respond to support requests
  • To detect and prevent fraud, abuse, and security threats
  • To comply with legal obligations
  • To generate aggregated, anonymised analytics

Third-Party Sharing

We share personal data with the following categories of recipients:

Service ProviderPurposeData Shared
ClerkAuthenticationEmail, name, login credentials
NeonDatabase hostingAll account and content data
VercelPlatform hostingIP address, usage data
PaddleMerchant of Record, payment processing, tax complianceBilling details, transaction data, tax information
StripePayment processing (secondary)Billing details, transaction data
PostHogProduct analyticsUsage data, anonymised identifiers

We do not sell your personal data. We do not share data with third parties for their own marketing purposes.

International Transfers

Your data may be transferred to and processed in countries outside the United Kingdom and European Economic Area. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Agreement (IDTA) or UK Addendum to SCCs
  • Adequacy decisions where applicable

Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

  • Account data: Retained until account deletion, then deleted within 30 days
  • Usage data: Retained for 26 months, then anonymised
  • Payment records: Retained for 7 years to comply with tax and accounting obligations
  • Generated content: Retained until account deletion or manual deletion by you
  • Support communications: Retained for 3 years after resolution

Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

Under GDPR (EU/UK)

  • Access (Art. 15): Request a copy of your personal data
  • Rectification (Art. 16): Correct inaccurate or incomplete data
  • Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
  • Portability (Art. 20): Receive your data in a structured, machine-readable format
  • Restriction (Art. 18): Restrict processing in certain circumstances
  • Object (Art. 21): Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time without affecting prior processing

Under CCPA/CPRA (California)

  • Right to Know: Request disclosure of data collected, used, and shared
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale or sharing of personal information
  • Right to Non-Discrimination: Equal service regardless of exercising rights

To exercise any of these rights, email us at privacy@apidly.com. We will respond within 30 days (GDPR) or 45 days (CCPA).

Cookies

We use cookies and similar tracking technologies. For full details, see our Cookie Policy.

Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, contact us at privacy@apidly.com.

Policy Changes

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our platform. The "Last Updated" date at the top of this page indicates when the policy was last revised.

Contact Us

For privacy-related queries or to exercise your data rights:

  • Email: privacy@apidly.com
  • Post: APIDLY LTD, 82A James Carter Road, Mildenhall, Suffolk IP28 7DE, United Kingdom

You have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.