Privacy Policy
We believe in transparency and protecting your data. This policy explains our data practices and how we safeguard the information you entrust to us.
Last updated: January 15, 2025
Introduction
We at G8KEPR are committed to protecting your privacy. This Privacy Policy explains our data handling practices and safeguards when you use our service. We comply with applicable privacy regulations worldwide.
Information We Collect
Account Information
When you create a G8KEPR account, the following information is gathered:
- Email address
- Full name
- Organization name
- Password (hashed with bcrypt)
Usage Data
To provide and improve our service, the following data is gathered:
- API request logs (endpoints, methods, response times, status codes)
- Security event logs (blocked threats, rate limit violations)
- Usage metrics (requests per day, quota usage)
- Browser and device information
- IP addresses (for security and fraud prevention)
How We Use Your Information
Your information is used to:
- Provide our service: Process API requests, enforce rate limits, detect threats
- Billing: Process payments and send invoices
- Security: Detect fraud, prevent abuse, and respond to security incidents
- Improvement: Analyze usage patterns to improve performance and features
- Compliance: Meet legal and regulatory requirements under applicable law
Information Sharing
We do not sell your data. We only share data with:
- Service providers: Stripe (payments), AWS/DigitalOcean (hosting)
- Law enforcement: Only when legally required by valid court order
- Business transfers: In the event of a merger or acquisition (you'll be notified)
Data Security
We implement industry-standard security measures to protect your data:
Encryption
TLS 1.3 for data in transit, AES-256 for data at rest
Authentication
JWT tokens with 15-min expiry, secure password hashing
Infrastructure
Hosted on SOC 2 Type II certified cloud infrastructure (DigitalOcean). G8KEPR’s own SOC 2 Type II audit is planned for H2 2026; controls are implemented and evidence collection is active.
Monitoring
24/7 security monitoring and intrusion detection
Data Retention
- Account data: Retained while your account is active; deleted within 30 days after account termination
- API logs: Retained for 30 days; you may export your data at any time during this window (see Terms §11.3)
- Security and audit logs: Retained for 1 year for compliance purposes (EU AI Act Article 12, SOC 2)
- Billing records: Retained for 7 years per tax regulations
Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required by applicable law (GDPR Article 33)
- Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms (GDPR Article 34)
- Provide details including the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken or proposed to address the breach
To report a suspected security incident, contact security@g8kepr.com immediately.
Your Rights
You have the following rights regarding your personal data:
- Access: Request a copy of your data
- Correction: Update incorrect or incomplete data
- Deletion: Request deletion of your data (right to be forgotten)
- Portability: Export your data in machine-readable format
- Objection: Opt out of marketing communications
GDPR
EU residents have additional rights and protections under European data protection law.
CCPA
California residents have specific rights regarding their personal information under California law.
Cookies and Tracking
Essential cookies are used to:
- Maintain your login session
- Remember your preferences
- Prevent fraud and abuse
We do not use third-party advertising or tracking cookies.
International Data Transfers
Your data may be transferred to and processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.
Children's Privacy
G8KEPR is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, please notify our privacy team immediately.
Third-Party Services
We partner with carefully selected vendors to operate G8KEPR. These partners may collect data according to their own privacy policies. Our main vendors include Stripe for payment processing and AWS/DigitalOcean for hosting infrastructure.
Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes via email or dashboard notification. Continued use of our service after changes constitutes acceptance of the updated policy.
Contact Us
If you have any questions about this privacy policy, please reach out:
Questions About Our Privacy Practices?
Our team is here to help with any privacy concerns. Reach out anytime.