SportDB

Privacy Policy

Last updated: 2025-10-25

This Privacy Policy explains how SportDB.dev ("we", "us") collects, uses, and shares information in connection with our RESTful sports data API and related websites and services.

Information we collect

  • Account information: Email address, password (stored as a secure hash), and optional profile details. If you sign in with OAuth (e.g., Google or GitHub), we store your provider, provider account ID, and basic profile info returned by the provider.
  • API keys: We store only a hashed form of your API keys and a short prefix for identification. The full plaintext key is shown only once at creation.
  • Usage data: Per-request logs tied to your user and API key, including method, path, query string, response status, duration, bytes sent, and timestamps. We use this for rate limiting, diagnostics, analytics, and billing.
  • Subscription and billing: Stripe customer and subscription identifiers, metered item identifiers, plan details, and billing period dates. We do not store full payment card details; Stripe processes payments on our behalf.
  • Technical data: IP address, browser/user agent, and similar metadata may be captured in server logs for security and operational purposes.

How we use information

  • Provide and operate the API and related features.
  • Authenticate users, issue and validate API keys, and enforce rate limits.
  • Measure usage for plan limits, overage calculations, and analytics.
  • Process payments, manage subscriptions, and handle support requests.
  • Maintain security, prevent abuse, debug issues, and improve the service.
  • Comply with legal obligations.

Sharing of information

  • Service providers: We share limited data with vendors that power our service, including Stripe (payments and subscriptions), infrastructure/hosting providers, email delivery (if enabled), and optional error monitoring/analytics (e.g., Sentry when configured).
  • Legal: We may disclose information to comply with law, enforce our Terms, or protect rights, safety, and property.
  • Business transfers: In connection with a merger, acquisition, or asset sale, information may be transferred as permitted by law.

Security

We protect data in transit with HTTPS. API keys are stored only as hashed values with identifiable prefixes. Access to systems is restricted to authorized personnel. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

Data retention

We retain account, subscription, and usage records for as long as necessary to operate the service, comply with legal obligations, and resolve disputes.

Your choices and rights

  • You can manage API keys and subscriptions in the dashboard.
  • You may request access, correction, or deletion of your account data by contacting us.
  • Deleting your account will revoke API keys and remove associated personal data, subject to retention required for legal or billing purposes.

International data transfers

We may process and store information on servers located in various countries. By using the service, you consent to the transfer of information to locations outside your country which may have different data protection rules.

Children

Our service is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us to request deletion.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be highlighted on this page. Your continued use of the service after changes becomes effective signifies your acceptance.

Contact

Questions or requests: [email protected]