Privacy Policy

Last updated: February 3, 2026

At NextcraftAI ("we," "our," or "us"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our unified AI API Gateway service.

By using our service, you agree to the collection and use of information in accordance with this policy. We encourage you to read this Privacy Policy carefully.

1. Information We Collect

1.1 Account Information

  • Email address (required for account creation and authentication)
  • Name (optional, for account personalization)
  • Password (hashed using bcrypt, never stored in plain text)
  • Team names and organization information

1.2 Usage and Technical Information

  • API request logs (provider, model, tokens used, cost, latency, status)
  • Wallet balance and transaction history (for pay-as-you-go billing)
  • API key usage and authentication attempts
  • IP addresses and request timestamps
  • Device and browser information for security purposes

1.3 Payment Information

We use Stripe for payment processing. Payment card information is handled directly by Stripe and is not stored on our servers. We only store wallet balance information and transaction amounts for billing purposes.

2. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our NextcraftAI service
  • Authentication: To authenticate your account and API key requests
  • Billing: To process payments, manage wallet balances, and track usage costs
  • Analytics: To provide usage statistics, performance metrics, and cost tracking in your dashboard
  • Security: To detect and prevent fraud, abuse, and unauthorized access
  • Communication: To send service-related notifications and respond to your inquiries
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes

3. Data Security

We implement industry-standard security measures to protect your information:

  • Passwords are hashed using bcrypt with salt rounds before storage
  • API keys are hashed using SHA-256 before storage
  • All API communications use HTTPS encryption
  • JWT tokens for authentication with secure expiration
  • Rate limiting to prevent abuse and unauthorized access
  • Regular security audits and updates

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party service providers (e.g., Stripe for payments, MongoDB for data storage) who assist in operating our service
  • AI Providers: API requests are forwarded to third-party AI providers (Google Gemini, OpenAI) as necessary to fulfill your requests
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Transfers: In connection with any merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize us to share your information

5. Your Privacy Rights

You have the following rights regarding your personal information:

  • Access: Request access to the personal data we hold about you
  • Correction: Update or correct inaccurate information through your account settings
  • Deletion: Request deletion of your account and associated data
  • Data Portability: Request a copy of your data in a structured format
  • Opt-Out: Unsubscribe from marketing communications (service notifications may still be sent)

To exercise these rights, please contact us using the information provided in the Contact section below.

6. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Account information is retained while your account is active
  • Request logs and usage data are retained for analytics and billing purposes
  • Financial records are retained as required by law (typically 7 years)
  • When you delete your account, we will delete or anonymize your personal data within 30 days, except where legal requirements mandate longer retention

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

  • Authentication Cookies: JWT tokens stored in HTTP-only cookies for secure authentication
  • Session Management: To maintain your login session and preferences
  • Analytics: To understand how you interact with our service

For more detailed information about our use of cookies, please see our Cookie Policy.

8. Children's Privacy

Our service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete such information promptly.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@nextcraftai.com

Website: www.nextcraftai.com