// legal

Privacy Policy

Last updated: April 17, 2026 · Effective: April 17, 2026

This Privacy Policy applies to RegIntel API and regintelapi.com, operated by RegIntel. If you have questions, contact us at support@regintelapi.com.

1. Information We Collect

1.1 Account Information

When you request an API key, we collect your email address. We use this to send you your API key, account notifications, and optional weekly regulatory update digests.

1.2 API Usage Data

We log API requests made with your API key, including:

Endpoint accessed (e.g. /regulations, /updates)
HTTP status code returned
Credits consumed
Timestamp of the request

We do not log request parameters, query strings, or any data you send in request bodies beyond what is needed to process the request.

1.3 Payment Information

Payments are processed by Stripe. We do not store credit card numbers, bank account details or other payment credentials. Stripe's privacy policy applies to payment processing: stripe.com/privacy.

1.4 Technical Information

We may collect your IP address and user agent for rate limiting, fraud prevention and security purposes. This data is not shared with third parties for marketing purposes.

2. How We Use Your Information

We use the information we collect to:

Provide and operate the RegIntel API service
Send your API key and account-related notifications
Send weekly regulatory digest emails (only if you subscribe)
Monitor API usage for billing, rate limiting and abuse prevention
Improve the service and fix technical issues
Comply with legal obligations

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or UK, our legal bases for processing your personal data are:

Contract performance — processing your email to provide the API key and service you requested
Legitimate interests — usage logging for security, billing and service improvement
Consent — sending regulatory digest emails (you can unsubscribe at any time)
Legal obligation — retaining records as required by applicable law

4. Data Sharing

We do not sell your personal data. We share data only with:

Stripe — for payment processing
Resend — for transactional email delivery
AWS — for cloud infrastructure hosting (Sydney region)

All third-party processors are bound by data processing agreements and handle data only as instructed.

5. Data Retention

We retain your account data for as long as your account is active or as needed to provide services. Usage logs are retained for 90 days. If you close your account or request deletion, we will delete your personal data within 30 days, except where retention is required by law.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access — request a copy of the data we hold about you
Rectification — request correction of inaccurate data
Erasure — request deletion of your data
Restriction — request that we limit processing of your data
Portability — request your data in a machine-readable format
Objection — object to processing based on legitimate interests
Withdraw consent — unsubscribe from emails at any time

To exercise any of these rights, email support@regintelapi.com. We will respond within 30 days.

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

HTTPS encryption for all data in transit
API key authentication on all account endpoints
Rate limiting to prevent abuse
Access controls limiting who can access production systems

8. International Transfers

Our servers are located in AWS Sydney (ap-southeast-2). If you access the service from the EEA or UK, your data is transferred to Australia. We rely on standard contractual clauses and adequacy decisions where applicable to ensure your data is protected in accordance with GDPR standards.

9. Cookies

We do not use tracking cookies or third-party advertising cookies. We use browser localStorage to store your API key client-side for dashboard functionality. This data never leaves your browser and is not transmitted to any third party.

10. Children's Privacy

The RegIntel API is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact

For privacy-related questions or to exercise your rights, contact us at:
support@regintelapi.com