Skip to content

Legal_

Privacy Policy

How LocaleSense handles data: IP addresses are hashed and never stored raw, request logs are pruned automatically, and billing runs through Stripe.

Effective [EFFECTIVE DATE]

Draft pending legal review. Complete the bracketed values ([LEGAL ENTITY], [JURISDICTION], [CONTACT EMAIL], [EFFECTIVE DATE]) and have counsel review before publishing.

Who we are

LocaleSense ("we", "us") is operated by [LEGAL ENTITY]. This policy explains what we collect when you use our API or website, why, and the choices you have.

What we collect

  • Account data — your name, email, authentication credentials (passkeys or a password hash plus 2FA), and, for paid plans, billing details held by our payment processor.
  • API usage — the endpoints you call, timestamps, response status, your API key, and the resolved country of a request, for metering, billing, and abuse prevention.
  • IP addresses — hashed, never stored raw. Request logs record a salted SHA-256 hash of the caller's IP, not the address itself. We cannot reverse it to an IP, and the logs are pruned automatically on a rolling schedule.

What we do not do

We do not sell your data. We do not store raw IP addresses. We do not run third-party advertising trackers on our API. The commerce data we return is derived from public and licensed reference sources, not from profiling individual end users.

How we use it

To provide and secure the Service, meter usage and bill paid plans, prevent abuse, respond to support requests, and comply with law. We rely on our legitimate interest in operating the Service and on the performance of our contract with you.

Sub-processors

We share the minimum necessary with:

  • Stripe — payment processing and billing;
  • MaxMind (GeoLite2) — IP geolocation reference data (used locally; we do not send caller IPs to MaxMind at request time);
  • Our hosting and CDN provider — to serve the Service.

Retention

Request logs (with hashed IPs) are retained only as long as needed for metering and abuse prevention and are pruned automatically. Account and billing records are kept for the life of the account and as required by law after closure.

Your rights

Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to certain processing. To exercise them, contact [CONTACT EMAIL]. You may also lodge a complaint with your local data-protection authority.

Security

API keys are stored only as hashes. Dashboard accounts require passkey or password-plus-2FA authentication. We apply access controls and encryption in transit. No system is perfectly secure; notify us of any concern at [CONTACT EMAIL].

Changes and contact

We may update this policy; material changes will be notified through the Service. Questions: [CONTACT EMAIL].

See also our Terms of Service.