Privacy Policy

Last Updated: June 29, 2026

This policy complies with GDPR (EU) and PIPL (China). We are committed to protecting your privacy.

1. Data Controller

The data controller is ChinaAPI Global Ltd., Hong Kong SAR, China. Contact: privacy@chinaapi.com

2. Data We Collect

  • Account data: Email, name, password hash (bcrypt)
  • API usage metadata: Model name, token count, latency, status codes
  • Payment data: Processed by Stripe; we do not store card numbers
  • Technical data: IP address (hashed), browser type for security

3. Data We Do NOT Collect

We do NOT store:

  • API prompt/message content
  • AI model responses
  • System prompts
  • Credit card numbers (handled by Stripe)
  • Plaintext passwords (bcrypt hash only)

4. Legal Basis (GDPR Art. 6)

  • Contract performance (Art. 6(1)(b)): Account creation, API access, billing
  • Legitimate interest (Art. 6(1)(f)): Security monitoring, fraud prevention
  • Consent (Art. 6(1)(a)): Marketing communications (opt-in)
  • Legal obligation (Art. 6(1)(c)): Tax records retention (7 years)

5. Data Retention

  • Account data: Until deletion + 30 days
  • API usage metadata: 90 days
  • Billing records: 7 years (legal requirement)
  • Support tickets: 12 months after closure
  • IP access logs: 30 days

6. International Data Transfer

Your API requests are forwarded to AI model providers in China. This is necessary for service provision. We do not store the content of these requests.

7. Your Rights

  • Right of Access: Request a copy of your data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request account deletion
  • Right to Portability: Export data in machine-readable format
  • Right to Object: Object to processing based on legitimate interest

To exercise your rights, contact privacy@chinaapi.com. We respond within 30 days.

8. Data Security

We use TLS 1.2+ encryption in transit, AES-256 at rest, and bcrypt for passwords. In the event of a data breach, we will notify affected users within 72 hours.

9. Cookies

We only use essential session cookies for authentication. We do not use advertising or tracking cookies.

10. Contact

For privacy-related questions, contact privacy@chinaapi.com or use our Help & Feedback page. EU/EEA users may also lodge complaints with their local data protection authority (DPA).