Privacy Policy
Last updated: April 25, 2026
Compliant with UK GDPR and Data Protection Act 2018
1. Introduction
CIDCORE ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you use our API services at cidcore.com.
This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Information We Collect
2.1 Information You Provide Directly
We collect only the minimum information necessary to provide our services:
- Account Information: When you register, we collect your name and email address to create and manage your account.
- Billing Information: When you subscribe to a paid plan, payment information is processed by Stripe, our payment processor. We do not store credit card or bank account details on our servers.
- Communications: When you contact us for support, we collect the information you voluntarily provide.
2.2 Information Collected Automatically
When you use our API, we automatically collect:
- API Usage Logs: Timestamps, endpoints accessed, request volume, and response status codes for rate limiting and service monitoring.
- Technical Information: IP addresses, user agent strings, and request headers for security and abuse prevention.
- API Key Identifiers: We store a SHA-256 hash of your API key for authentication. The raw key is shown once at creation and never stored or displayed again.
2.3 Information We Do NOT Collect
- We do not collect sensitive personal data (racial or ethnic origin, political opinions, religious beliefs, health data, etc.)
- We do not collect data from children under 13
- We do not use cookies for tracking or advertising purposes
3. How We Use Your Information
We use your personal information only for specific, legitimate purposes:
- Service Provision: To create your account, authenticate API requests, and deliver the services you subscribe to
- Billing: To process payments and manage your subscription (via Stripe)
- Security: To detect and prevent fraud, abuse, and unauthorized access
- Service Improvement: To monitor usage patterns, debug issues, and improve our services
- Communication: To send you service-related notifications and updates, and to respond to support requests
- Legal Compliance: To comply with applicable laws and regulations
4. Legal Basis for Processing (UK GDPR Article 6)
We process your personal information under the following legal bases:
- Contract Performance (Article 6(1)(b)): Processing necessary to provide the services you have requested under our Terms of Service
- Legitimate Interests (Article 6(1)(f)): Processing for security monitoring, fraud prevention, and service improvement
- Legal Obligation (Article 6(1)(c)): Processing required to comply with applicable laws
- Consent (Article 6(1)(a)): Where you have explicitly consented to specific processing activities
5. Data Sharing and Disclosure
5.1 Third-Party Service Providers
We share limited information with trusted third parties who help us operate our services:
- Stripe, Inc. - Payment processing (subject to Stripe's privacy policy: https://stripe.com/privacy)
- Hosting Providers - Infrastructure hosting (bound by data processing agreements)
- Email Service Providers - Transactional email delivery (bound by data processing agreements)
5.2 Legal Requirements
We may disclose your information if required by law, court order, or governmental request, or to protect our rights and the safety of our users.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you before your information becomes subject to a different privacy policy.
6. International Data Transfers
CIDCORE operates in the United Kingdom. If you access our services from outside the UK, your information may be transferred to and processed in the UK.
Where we transfer personal data outside the UK to third-party service providers, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO).
7. Data Retention
We retain your personal information only for as long as necessary:
- Account Information: Retained while your account is active and for 7 years thereafter for legal and tax purposes
- API Usage Logs: Retained for 12 months for security and analytics purposes
- Billing Records: Retained for 7 years as required by UK tax law
- Deleted Accounts: Personal information is anonymised or deleted within 30 days of account deletion, except where retention is required by law
8. Your Rights Under UK GDPR
As a data subject, you have the following rights regarding your personal information:
8.1 Right of Access (Article 15)
You may request a copy of the personal information we hold about you. We will respond within 30 days.
8.2 Right to Rectification (Article 16)
You may request correction of inaccurate or incomplete personal information.
8.3 Right to Erasure (Article 17)
You may request deletion of your personal information ("right to be forgotten"), subject to legal retention requirements.
8.4 Right to Restrict Processing (Article 18)
You may request that we restrict processing of your personal information in certain circumstances.
8.5 Right to Data Portability (Article 20)
You may request your personal information in a structured, commonly used, machine-readable format.
8.6 Right to Object (Article 21)
You may object to processing based on legitimate interests or for direct marketing purposes.
8.7 How to Exercise Your Rights
To exercise any of these rights, please contact us at support@cidcore.com. We will respond within 30 days and may request verification of your identity.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal information:
- Encryption: All data transmitted to and from our API is encrypted using HTTPS/TLS
- API Key Security: API keys are hashed using SHA-256 before storage. Raw keys are displayed once at creation and never stored.
- Access Controls: Strict internal access controls limit who can access personal information
- Regular Audits: We regularly review our security practices and update measures as needed
While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
10. Children's Privacy
Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete it promptly.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the updated policy on this page with a revised "Last updated" date
- Sending an email notification to your registered email address (for significant changes)
Your continued use of our services after changes constitutes acceptance of the updated Privacy Policy.
12. Complaints
If you have concerns about how we handle your personal information, please contact us first at support@cidcore.com.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
- Website: www.ico.org.uk
- Helpline: 0303 123 1113
- Email: icocasework@ico.org.uk
13. Contact Us
For any questions about this Privacy Policy or our data practices, please contact us at:
Email: support@cidcore.com