Privacy Policy

Last updated: April 20, 2026

1. Overview

districtapi.dev ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights. We collect the minimum data necessary to operate the Service.

2. Data We Collect

Account data

Email address and hashed password, collected when you create an account. Used for authentication and service communications.

API usage data

When you make API requests, we log: the endpoint called, HTTP method, response status code, response time in milliseconds, timestamp, and a one-way hash of your IP address. We do not store your raw IP address. Usage counts are stored against your API key to enforce quotas.

API keys

We store a SHA-256 hash of your API key and the first 12 characters as a display prefix. Your full API key is never stored after initial generation.

Payment data

If you subscribe to a paid plan, payment information is processed and stored by Stripe. We do not store credit card numbers or full payment details.

3. How We Use Your Data

  • Authenticate your account and API key requests
  • Enforce rate limits and monthly quotas
  • Detect and prevent abuse or fraud
  • Send transactional emails (account confirmation, password reset)
  • Improve the Service based on usage patterns
  • Respond to support inquiries

We do not sell your personal data. We do not use your data for advertising.

4. Third-Party Services

We use the following third-party services to operate districtapi.dev:

SupabaseDatabase, authentication, and user management. Data stored in US East (AWS).
Amazon Web Services (AWS)API compute (Lambda) and secrets management. Region: us-east-1.
CloudflareDNS, DDoS protection, and CDN for the developer portal.
StripePayment processing for paid subscriptions.
MapboxGeocoding addresses to coordinates for district lookup queries.

5. Data Retention

  • Request logs are retained for 90 days, then deleted.
  • Account data is retained until you delete your account.
  • Monthly usage counters reset on the 1st of each month.

6. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by emailing hello@districtapi.dev. We will respond within 30 days. You may also delete your account directly from your dashboard settings.

If you are in the EU or UK, you have additional rights under GDPR including the right to data portability and to lodge a complaint with your supervisory authority.

7. Cookies

The developer portal uses cookies only for authentication session management (via Supabase Auth). We do not use tracking, advertising, or analytics cookies.

8. Children

The Service is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email. Continued use of the Service after changes are posted constitutes acceptance.

10. Contact

Privacy questions or data requests: hello@districtapi.dev