← Back to home

Privacy Policy

Last updated: April 2, 2026

1. Who We Are

Exchange Rate API is operated by Nimbus, based in Belgium. This policy explains how we handle your data.

2. Data We Collect

• Email address — provided during signup, used for account verification and key delivery.
• API usage logs — endpoint called, timestamp, response status, and latency. Used for billing and rate limiting.
• API key metadata — hashed key, plan, creation date. Raw keys are never stored.
• Payment data — processed by Stripe. We do not store card numbers.

3. Data We Do NOT Collect

• We do not use cookies or tracking scripts on this website.
• We do not collect IP addresses in our application logs.
• We do not sell or share your data with third parties for marketing.

4. How We Use Your Data

• Send verification and API key emails (via Resend).
• Enforce rate limits and monthly quotas.
• Report usage to Stripe for billing.
• Monitor service health and debug issues.

5. Third-Party Services

• Cloudflare — hosting, DNS, edge caching. Subject to Cloudflare's privacy policy.
• Stripe — payment processing. Subject to Stripe's privacy policy.
• Resend — transactional emails. Subject to Resend's privacy policy.

6. Data Retention

• Usage logs are retained for 90 days, then automatically deleted.
• Account data is retained while your account is active.
• You may request deletion of your data by contacting us.

7. Your Rights (GDPR)

As a Belgian company, we comply with GDPR. You have the right to access, correct, or delete your personal data. Contact us to exercise these rights.

8. Changes

We may update this policy. Material changes will be communicated via email to registered users.

9. Contact

Data protection inquiries: andy.degheldere@gmail.com.