Summary: We collect minimal data needed to provide our service. We don't sell your data. We don't track you across the web. Your generated images are not stored long-term.
1. Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Password (hashed, never stored in plain text)
- Payment information (processed by Stripe, we don't store card details)
Usage Data
We track:
- Number of API requests per month (for billing)
- API key usage (for rate limiting)
- Error logs (for debugging, auto-deleted after 30 days)
Generated Images
Images you generate via our API:
- Are not stored on our servers after generation
- Are returned directly to you and then discarded
- Content you provide (titles, images, etc.) is processed in memory only
2. How We Use Your Information
We use your information to:
- Provide the OG Image API service
- Process payments and manage subscriptions
- Send transactional emails (welcome, receipts, password resets)
- Respond to support requests
- Improve our service based on usage patterns
3. Data Sharing
We share data only with:
- Stripe — Payment processing
- SendGrid — Transactional emails
- Vercel — Hosting infrastructure
- Supabase — Database hosting
We do not sell your data to third parties or use it for advertising.
4. Data Retention
- Account data: Retained while your account is active
- Usage logs: Retained for 30 days
- Generated images: Not retained (processed in memory only)
- Payment records: Retained as required by law
5. Your Rights (GDPR)
If you're in the EU/EEA, you have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and data
- Export your data
- Object to processing
To exercise these rights, email privacy@ogimageapi.io.
6. Data Deletion
To delete your account and all associated data:
- Email privacy@ogimageapi.io with subject "Delete My Account"
- We will process deletion within 30 days
- Some data may be retained for legal/tax purposes
7. Security
We protect your data with:
- HTTPS encryption for all connections
- Hashed passwords (bcrypt)
- API key authentication
- Rate limiting to prevent abuse
- Regular security audits
8. Cookies
We use minimal cookies:
- Session cookie: To keep you logged in (essential)
- Analytics: Google Analytics for aggregate usage stats (optional)
9. Children's Privacy
Our service is not intended for children under 13. We do not knowingly collect data from children.
10. Changes to This Policy
We may update this policy occasionally. We'll notify you of significant changes via email.
11. Contact Us
Questions about this policy? Contact us: