Legal
Privacy Policy
Last updated: April 2025
NoorAPI ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and what we never do.
The short version: We collect your email address and API usage statistics (token counts, latency). We never read, store, or sell your message content. Ever.
1. Information We Collect
- Email address — required to create an account.
- API usage logs — model name, token counts, request latency, HTTP status, timestamp. NOT message content.
- Billing information — handled entirely by Stripe. We never see or store card numbers.
2. Information We Do NOT Collect
- Message content — we never log your prompts or model responses.
- Personal data beyond email — no name, phone, address, or demographics.
- Browsing behavior — no third-party analytics pixels or tracking scripts.
3. How We Use Your Information
- To authenticate you and issue API keys.
- To enforce rate limits and plan quotas.
- To detect abuse and enforce our Terms of Service.
- To send transactional emails (account creation, billing receipts).
- To improve model routing and infrastructure using aggregate metrics.
4. Data Retention
- API usage logs — retained for 90 days, then automatically deleted.
- Account data (email, API keys) — retained until you delete your account.
- Billing records — retained by Stripe per their legal obligations.
5. Third Parties
- Stripe — payment processing only. Subject to Stripe's Privacy Policy.
- We do not sell, rent, or share your data with advertisers or data brokers.
6. Data Security
All data is transmitted over TLS. API keys are hashed (SHA-256) before storage and never displayed in full after creation.
7. Your Rights
You may request access to, correction of, or deletion of your data at any time by emailing [email protected]. We will respond within 30 days.
8. Changes to This Policy
We will notify registered users by email of material changes at least 14 days in advance.
9. Contact
Questions? Email [email protected].