GDPR COMPLIANT

Privacy Policy

Last updated: February 2026

1. Data Controller

SiftlyAPI (Cornelius Venti)
Email: hello@siftlyapi.com

2. What We Collect

API Users

Email, IP address, user agent — analyzed but NOT stored

NO PII STORED

Website Visitors

Minimal — no cookies, no tracking

Dashboard Users

Account info via Clerk, billing via Polar

3. How We Use Your Data

  • Trust scoring — our core service
  • Rate limiting — for demo API
  • Account management — for dashboard users

4. International Data Transfers

Your data may be processed on servers located outside your country. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) for EU transfers
  • Adequacy decisions where applicable

5. Data Protection

HASHED DATA
  • No PII logged — only aggregate metrics
  • Cache keys hashed with HMAC-SHA256
  • Email/IP hashed before any storage
  • Short TTLs — 24h max for analysis, 1h for velocity

6. Third-Party Services

ClerkAuthentication

Authentication and session management

Privacy Policy

ConvexDatabase

Real-time database and backend services

Privacy Policy

PolarBilling

Subscription billing and payment processing

Privacy Policy

We do not set any first-party cookies. We do not use analytics or advertising cookies.

7. Your Rights

Under GDPR and applicable data protection laws, you have:

Right to Access
Right to Rectification
Right to Erasure
Right to Portability

To exercise any of these rights, contact us at hello@siftlyapi.com

8. California Consumer Privacy Act (CCPA)

California residents have additional rights:

Right to Know
Right to Delete
Right to Opt-Out
Right to Non-Discrimination

9. Data Processing Agreement

For enterprise customers requiring a DPA, contact us at hello@siftlyapi.com

10. Contact

Questions? Reach out at hello@siftlyapi.com

← Back to Home