Privacy Policy

When you use our API, we collect and process the following:

• Developer Account Data: Your name, email, billing details, and API keys.
• API Payload Data: The end-user email addresses, company names, and app names passed into our /api/v1/otp/send endpoint.
• Telemetry Data: IP addresses, request timestamps, and response statuses used solely for rate-limiting and operational analytics.

Payload data is used strictly for the delivery of the requested OTP. We do not use your end-users' email addresses for marketing, nor do we cross-reference them across different clients' applications.

For security, generated One-Time Passwords (OTPs) are stored temporarily and are treated as highly volatile data:

• OTPs are cryptographically generated and stored only until they expire (maximum 10 minutes).
• Once an OTP is verified or expires, it is permanently deleted from our active memory/database.
• We retain sanitized logs (e.g., "1 OTP sent at 12:00 PM") for billing and rate-limiting purposes, stripped of PII where possible.

We do not sell, rent, or trade your data or your end-users' data. We only share necessary delivery data (the email address and message body) with our vetted email infrastructure provider (Resend) solely for the purpose of transmitting the email.