Privacy Policy

Last updated: December 22, 2025

1. Introduction

Cost Tracker API is an API cost monitoring platform designed to help you track and optimize the costs of your API usage.

This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our service.

This service is operated by **Ciardo Francesco** (Data Controller).

Contact Information:
Email: iltuobrand@outlook.it
Location: Italy, European Union

2. Information We Collect

2.1 Account Information

  • Email address
  • Full name
  • Password (encrypted and hashed using bcrypt)

2.2 API Data

  • API keys (encrypted at rest)
  • Provider names
  • Usage data and metrics
  • Cost information
  • API call logs and timestamps

2.3 Usage Data

  • Information about your interaction with the platform
  • Access times and session duration
  • Feature usage patterns
  • Dashboard interactions

2.4 Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Technical identifiers for service functionality

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

3.1 Contract Performance (Art. 6(1)(b) GDPR)

  • Account creation and authentication
  • Providing API cost monitoring services
  • Delivering cost-saving recommendations
  • Technical support and customer service

3.2 Legitimate Interest (Art. 6(1)(f) GDPR)

  • Platform security and fraud prevention
  • Service improvement and optimization
  • Technical infrastructure maintenance
  • Anonymous analytics for service enhancement

3.3 Legal Obligation (Art. 6(1)(c) GDPR)

  • Compliance with EU and Italian regulations
  • Tax and accounting requirements
  • Response to legal requests from authorities

3.4 Consent (Art. 6(1)(a) GDPR)

  • Marketing communications (optional)
  • Non-essential cookies (where applicable)

4. How We Use Your Information

We use your information to:

  • Provide and maintain the Cost Tracker API service
  • Monitor and track your API costs across providers
  • Generate cost-saving recommendations
  • Send account verification and transactional emails
  • Provide customer support and technical assistance
  • Ensure platform security and prevent fraudulent activity
  • Comply with legal obligations
  • Improve our service through anonymous analytics

5. Data Storage and Security

5.1 Security Measures

We implement industry-standard security measures to protect your data:

  • Database: Supabase with encryption at rest and in transit
  • Hosting: Vercel with enterprise-level security
  • Email Service: Resend for transactional emails
  • Encryption: HTTPS/TLS for all data in transit
  • Password Security: Bcrypt hashing algorithm
  • API Keys: Encrypted storage with restricted access
  • Regular Backups: Automated with 90-day retention

5.2 Data Location

  • Primary Storage: European Union (Supabase EU region)
  • Hosting Infrastructure: Distributed globally via Vercel CDN
  • Email Infrastructure: Resend (EU-compliant provider)

5.3 Access Control

  • Role-based access control (RBAC)
  • Multi-factor authentication support
  • Regular security audits
  • Employee access limited to necessary personnel only

6. Third-Party Services

We use the following third-party services to operate our platform:

6.1 Vercel (Hosting)

  • Purpose: Frontend hosting and delivery
  • Data Processed: Technical data, IP addresses, access logs
  • Location: Global CDN with EU data centers
  • Privacy Policy: vercel.com/legal/privacy-policy

6.2 Supabase (Database & Authentication)

  • Purpose: Data storage and user authentication
  • Data Processed: All user data and API information
  • Location: European Union data centers
  • Privacy Policy: supabase.com/privacy

6.3 Resend (Email Service)

  • Purpose: Transactional email delivery
  • Data Processed: Email addresses, verification codes
  • Location: EU-compliant infrastructure
  • Privacy Policy: resend.com/legal/privacy-policy

Data Sharing: We do NOT sell, rent, or share your personal data with third parties for marketing purposes.

7. International Data Transfers

While we primarily store data in the EU, some technical operations may involve data transfers outside the European Economic Area (EEA).

Safeguards: We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Partners certified under EU-U.S. Data Privacy Framework (where applicable)
  • Technical and organizational security measures

8. Data Retention

8.1 Active Accounts

We retain your data as long as your account remains active and for the duration necessary to provide services.

8.2 Account Deletion

When you delete your account:

  • Personal data is permanently deleted within 30 days
  • API usage data is anonymized and retained for statistical purposes
  • Backup copies may remain for up to 90 days for disaster recovery

8.3 Legal Requirements

Some data may be retained longer if required by law (e.g., for tax and accounting purposes, typically 10 years in Italy).

9. Your Rights Under GDPR

As a data subject in the European Economic Area (EEA), you have the following rights:

9.1 Right of Access (Art. 15 GDPR)

You can request a copy of all personal data we hold about you.

9.2 Right to Rectification (Art. 16 GDPR)

You can request correction of inaccurate or incomplete data.

9.3 Right to Erasure (Art. 17 GDPR)

You can request deletion of your personal data ("right to be forgotten").

9.4 Right to Data Portability (Art. 20 GDPR)

You can request your data in a structured, commonly used, machine-readable format (JSON or CSV).

9.5 Right to Restrict Processing (Art. 18 GDPR)

You can request limitation of how we process your data.

9.6 Right to Object (Art. 21 GDPR)

You can object to processing based on legitimate interests or for direct marketing.

9.7 Automated Decision-Making (Art. 22 GDPR)

We do not use automated decision-making or profiling that produces legal effects.

9.8 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

9.9 How to Exercise Your Rights

To exercise any of these rights, contact us at: iltuobrand@outlook.it

We will respond to your request within **30 days** (extendable by 2 months for complex requests).

10. Cookies and Tracking Technologies

10.1 Essential Cookies

We use essential cookies required for:

  • User authentication and session management
  • Security and fraud prevention
  • Service functionality

These cookies do not require consent as they are strictly necessary for the service.

10.2 Analytics

Currently, we do not use third-party analytics cookies (e.g., Google Analytics).

If this changes, we will:

  • Update this Privacy Policy
  • Request your consent where required by law
  • Provide an opt-out mechanism

11. Children's Privacy

Cost Tracker API is not intended for users under 16 years of age. We do not knowingly collect personal data from children.

If you believe we have inadvertently collected data from a child, contact us immediately at iltuobrand@outlook.it, and we will delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in:

  • Our practices
  • Legal requirements
  • Service features

Notification of Changes:

  • Material changes will be notified via email
  • The "Last Updated" date at the top will be revised
  • Continued use of the service constitutes acceptance of changes

13. Your Right to Lodge a Complaint

If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with a supervisory authority:

Italian Data Protection Authority (Garante per la protezione dei dati personali)
Website: garanteprivacy.it
Address: Piazza Venezia 11, 00187 Roma, Italy
Email: garante@gpdp.it

You also have the right to lodge a complaint with the supervisory authority in your country of residence or place of work.

14. Data Protection Officer (DPO)

Given the scale and nature of our operations, we are not required to appoint a Data Protection Officer under GDPR Art. 37.

For all privacy-related inquiries, contact the Data Controller directly:
Email: iltuobrand@outlook.it
Data Controller: Ciardo Francesco

15. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us:

Email: iltuobrand@outlook.it
Data Controller: Ciardo Francesco
Location: Italy, European Union

Response Time: We aim to respond to all inquiries within **30 days**.

Acknowledgment: By using Cost Tracker API, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.