Privacy Policy

1. Introduction

PriceDepth, Inc. ("PriceDepth," "we," "us," or "our") operates the PriceDepth alternative asset pricing API and website at pricedepth.com. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website, use our API, or interact with our services.

By accessing or using our services, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access our services.

2. Information We Collect

2.1 Account Information

When you register for a PriceDepth account, we collect:

• Email address
• Name (if provided)
• Organization or company name (if provided)
• API key credentials (generated by our system)

2.2 API Usage Data

When you use our API, we automatically collect:

• Endpoints called and query parameters used
• Timestamps of each API request
• IP addresses from which requests originate
• Request and response metadata (status codes, response times, request IDs)
• Rate limit counters for your API key and tier

2.3 Payment Information

Payment processing is handled entirely by Stripe, Inc. We do not store, process, or have access to your full credit card numbers. Stripe may share with us:

• Last four digits of your payment card
• Card brand and expiration date
• Billing address
• Payment transaction status

For details on how Stripe handles your payment data, please review Stripe's Privacy Policy.

2.4 Device and Browser Information

When you visit our website, we may automatically collect:

• Browser type and version
• Operating system
• Screen resolution
• Referring URL
• Pages visited and time spent on each page

2.5 Cookies and Tracking

We use minimal cookies and tracking technologies:

• Essential cookies: Required for authentication and session management
• Analytics cookies: Used to understand how visitors interact with our website (e.g., page views, navigation patterns)

We do not use advertising cookies or third-party tracking pixels. We do not participate in cross-site tracking or ad networks.

3. How We Use Information

We use the information we collect for the following purposes:

• Provide and improve the API service: Delivering pricing data, maintaining uptime, optimizing performance, and developing new features
• Billing and account management: Processing subscription payments, managing plan tiers, and tracking usage against quotas
• Usage analytics and rate limiting: Monitoring API consumption patterns, enforcing rate limits, and ensuring fair use across all customers
• Security and fraud prevention: Detecting unauthorized access, preventing abuse, and protecting the integrity of our systems
• Communication: Sending service updates, maintenance notifications, security alerts, and billing receipts. We will only send marketing communications with your explicit opt-in consent

4. Data Sharing

We Do NOT Sell Personal Data

PriceDepth does not sell, rent, or trade your personal information to third parties for marketing or advertising purposes. We never have, and we never will.

Third-Party Service Providers

We share limited data with the following processors who assist in operating our service:

• Stripe (payments) — Processes subscription billing and payment transactions
• Supabase (database and authentication) — Hosts account data and authentication services
• Sentry (error tracking) — Receives error reports and stack traces to help us fix bugs (may include request metadata)
• Cloudflare (CDN and security) — Provides DDoS protection, WAF, and content delivery

Each of these providers is bound by their own privacy policies and data processing agreements.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal process, including:

• Court orders or subpoenas
• Requests from law enforcement or government agencies
• To protect the rights, property, or safety of PriceDepth, our users, or others

5. Data Retention

• API usage logs: Retained for 90 days, then automatically purged. Aggregated, anonymized usage statistics may be retained indefinitely
• Account data: Retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days
• Payment records: Retained as required by tax and financial regulations (typically 7 years for transaction records)
• Error logs: Retained for 30 days in Sentry, then automatically deleted

6. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate personal data
• Right to deletion: Request deletion of your personal data ("right to be forgotten")
• Right to data portability: Request your data in a structured, commonly used, machine-readable format
• Right to object: Object to processing of your personal data for certain purposes
• Right to opt out of marketing: Unsubscribe from marketing communications at any time
• Right to non-discrimination: We will not discriminate against you for exercising your privacy rights (CCPA)

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act. We do not sell personal information. You may request disclosure of the categories and specific pieces of personal information we have collected about you in the preceding 12 months.

European Economic Area Residents (GDPR)

If you are located in the EEA, our legal basis for processing your data is:

• Contract performance: Processing necessary to provide the API service you subscribed to
• Legitimate interests: Security monitoring, fraud prevention, and service improvement
• Legal obligation: Tax and financial record-keeping requirements
• Consent: Marketing communications (opt-in only)

7. Security

We implement industry-standard security measures to protect your data:

• Encryption in transit: All data transmitted between your application and our API is encrypted using TLS 1.2 or higher
• Encryption at rest: Database contents are encrypted at rest
• API key hashing: API keys are stored using one-way cryptographic hashes. Only the key prefix is visible in your dashboard for identification purposes
• Access controls: Internal access to production systems and customer data is restricted to authorized personnel with multi-factor authentication
• Infrastructure security: Our services are protected by Cloudflare WAF, run in isolated Docker containers, and receive regular security updates

For a detailed overview of our security practices, visit our Security page.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

For material changes, we will notify you by email at least 30 days before the changes take effect. Non-material updates (e.g., formatting, clarifications) may be made without prior notice.

The "Effective Date" at the top of this page indicates when this policy was last updated. We encourage you to review this policy periodically.

9. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: [email protected]
• General inquiries: [email protected]
• Website: pricedepth.com

PriceDepth, Inc.
United States