SharkApi.dev
SharkApi.dev
ProductPricingDocsTrial

Last updated: January 15, 2025

Privacy Policy

We take your privacy seriously. This policy explains what data we collect and how we use it.

1. Information We Collect

We collect the following categories of information when you use SharkApi.dev:

Account information:

  • Email address (required for registration)
  • Password (stored as a bcrypt hash — we never store plaintext passwords)
  • Account creation date and last login timestamp

API usage data:

  • API request logs: timestamp, token used, mode, job status, cost
  • Prompts submitted for image generation (retained for moderation and compliance)
  • Input images submitted (retained for moderation, deleted after 30 days)
  • Generated output image metadata (URL, dimensions, creation time)

Payment information:

  • Wallet top-up history and transaction records
  • Payment method details are processed and stored by Stripe — we do not store raw card data

Technical data:

  • IP addresses (for rate limiting and abuse detection)
  • Browser/client User-Agent strings
  • Session identifiers

2. How We Use Your Information

  • Providing, maintaining, and improving the Service
  • Processing API requests and charging your wallet
  • Detecting and preventing abuse, fraud, and policy violations
  • Sending service-related emails (billing receipts, security alerts)
  • Responding to support requests
  • Complying with legal obligations
  • Enforcing our Terms of Service and Acceptable Use Policy

3. Data Sharing

We do not sell your personal data. We share data only in the following limited circumstances:

  • With Stripe for payment processing (subject to Stripe's Privacy Policy)
  • With AWS for image storage in S3 (subject to AWS's Privacy Policy)
  • With law enforcement when required by law or to prevent illegal activity
  • With service providers who assist us in operating the platform, under strict data processing agreements

4. Data Security

We implement industry-standard security measures including:

  • TLS encryption for all data in transit
  • Encryption at rest for sensitive stored data
  • Access controls and audit logs for internal data access
  • Regular security reviews and vulnerability scanning
  • API tokens are stored hashed — we cannot recover your token if lost

Despite our efforts, no system is 100% secure. We will notify you promptly in the event of a data breach that affects your personal information.

5. Cookies

We use minimal cookies for essential functionality only:

  • Session cookies: to maintain your login session
  • CSRF tokens: to prevent cross-site request forgery
  • Locale preference: to remember your chosen language

We do not use advertising cookies or third-party tracking cookies.

6. Your Rights

Depending on your location, you may have the following rights:

  • Access: request a copy of the personal data we hold about you
  • Correction: request that we correct inaccurate data
  • Deletion: request that we delete your personal data (subject to legal obligations)
  • Portability: request your data in a machine-readable format
  • Objection: object to certain types of processing

To exercise these rights, contact us at privacy@sharkapi.dev. We respond to all requests within 30 days.

7. Data Retention

  • Account data: retained for the lifetime of your account plus 90 days after deletion
  • API logs: retained for 12 months
  • Input images: deleted 30 days after job completion
  • Generated images: stored in S3 for 90 days, then deleted
  • Financial records: retained for 7 years as required by law

8. Children's Privacy

The Service is not directed at persons under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us immediately at privacy@sharkapi.dev.

9. Contact

For privacy-related questions, data requests, or concerns, contact our Data Protection team at privacy@sharkapi.dev.