Privacy Policy

1. Information We Collect

• Email address — collected during account creation for authentication purposes
• Subscription status — your current plan tier and billing period
• API usage metrics — endpoint accessed, timestamp, and request count for rate limiting and billing
• Payment information — processed entirely by Stripe. Guzz Labs does not store credit card numbers, CVVs, or other sensitive payment details on our servers.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Account management and authentication
• Subscription billing and payment processing
• Download quota enforcement per subscription tier
• API rate limiting and usage tracking
• Service improvement and reliability monitoring

3. Third-Party Services

We use the following third-party data processors to operate the platform:

4. Cookies & Tracking

Guzz Labs uses only essential cookies required for authentication and session management. We do not use analytics services, tracking pixels, advertising cookies, or any third-party behavioral tracking. We do not share your data with advertisers or use it for advertising purposes.

5. Legal Basis for Processing

For users in applicable jurisdictions (such as the European Economic Area), we process your personal data on the following legal bases: contract performance (providing the services you signed up for), legitimate interest (service security, abuse prevention, and reliability monitoring), and legal obligation (where required by applicable law).

6. Data Retention

• Account data is retained for as long as your account remains active.
• API usage logs are retained for a limited period necessary to support billing, auditing, and abuse prevention.
• Deletion. All account data is deleted within a reasonable timeframe after processing an account deletion request, except where retention is required by law.

7. Your Rights

You have the following rights regarding your personal data:

• Request an export of all data associated with your account
• Request deletion of your account and all associated data
• Update your email address at any time
• Cancel your subscription at any time via your account dashboard or by contacting support

If you are located in the European Economic Area, you have the right to object to or restrict certain processing of your data and to lodge a complaint with your local data protection authority.

8. Security

• Encryption in transit. All data is transmitted over HTTPS/TLS.
• Server-side secrets. Sensitive credentials such as API keys, database credentials, and service tokens are stored securely as server-side environment variables and are never exposed to clients.
• API key hashing. User API keys are hashed using SHA-256 before storage. The original key is shown only once at creation time.
• Passwordless authentication. Guzz Labs uses email-based magic links for authentication. No passwords are stored.

9. Disclosure

We may disclose your personal data where required to do so by law or in response to valid legal requests by public authorities. In the event of a data breach affecting your personal information, we will notify affected users as required by applicable law.

10. International Users

Guzz Labs data is processed and stored in the United States (Vercel hosting) and the European Union (Hetzner, Germany — API and data services). By using Guzz Labs services, you consent to the transfer and processing of your data in these locations.

11. Changes

Guzz Labs reserves the right to update this Privacy Policy at any time. For material changes, we will notify registered users via email prior to the changes taking effect. Continued use of the service after changes constitutes acceptance of the revised policy.

12. Contact

To exercise your data rights or for any privacy-related inquiries, contact us at privacy@guzzlabs.com.