apipick

Privacy Policy

Last updated: February 27, 2026

Introduction

Welcome to API Pick ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and API services at apipick.com.

API Pick provides credit-based developer API tools, including email validation, IP geolocation, China phone number verification, public holidays lookup, Telegram registration checking, and company information lookup. New accounts receive 100 free credits on signup; additional credits are available via pay-as-you-go purchase.

Information We Collect

Account Information

  • Email address (used for sign-in and account communications)
  • Name or display name (if provided via OAuth sign-in)
  • Authentication provider details (e.g. Google OAuth)
  • API keys associated with your account
  • Credit balance and transaction history

Data You Submit via API Calls

  • Email addresses submitted to the Email Validator
  • IP addresses submitted to the IP Geolocation API
  • Phone numbers submitted to the China Phone Checker or Telegram Phone Checker
  • Country/year parameters submitted to the Public Holidays API
  • Stock tickers or CIK numbers submitted to the Company Facts API

Submitted query data is processed to return results and is not permanently stored after the request is complete.

Information Automatically Collected

  • IP address and approximate geographic location of the request origin
  • Browser type, version, and operating system
  • API request timestamps, endpoints called, and response status codes
  • Credit deduction logs per API call
  • Cookies and similar session tracking technologies

How We Use Your Information

We use the information we collect to:

  • Create and manage your account and API keys
  • Provide, operate, and maintain our API services
  • Process API requests and return results
  • Track and deduct credits per successful API call
  • Process credit purchases and issue receipts
  • Improve, personalise, and expand our services
  • Understand and analyse how our services are used
  • Send transactional emails (account confirmation, low-credit alerts)
  • Detect, prevent, and address abuse, fraud, and technical issues
  • Comply with legal obligations

Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

  • Infrastructure Providers: We use Supabase for database and authentication services. Your account data is stored in Supabase-managed databases.
  • Payment Processors: Credit purchases are handled by our payment processor. We do not store full payment card details.
  • Legal Requirements: We may disclose information when required by law or to protect our rights, property, or safety
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred
  • Consent: We may share information with your explicit consent

Third-Party Data Sources

Our APIs return data sourced from the following third-party databases and libraries:

  • Telegram API: For phone number registration status and publicly visible profile data
  • SEC EDGAR Database: For public company filings, market cap, and financial data
  • MaxMind GeoLite2: For IP geolocation (country, city, coordinates, timezone, ISP, ASN)
  • python-holidays / vacanza: For national public holiday computation across 100+ countries
  • Chinese phone number databases: For carrier and location data for mainland China numbers

These third-party sources have their own privacy policies and terms of use, which we encourage you to review.

Data Security

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.

  • Encryption of data in transit (HTTPS/TLS) and at rest
  • API keys are hashed before storage
  • Regular security assessments and dependency updates
  • Access to personal information is limited on a need-to-know basis

However, no method of transmission over the Internet or electronic storage is 100% secure. We encourage you to keep your API keys confidential and to rotate them if you suspect they have been compromised.

Data Retention

  • Account data (email, API keys, credit balance) is retained while your account is active
  • API request query data (email addresses, phone numbers, IPs, tickers) is not permanently stored after processing
  • API request logs (endpoint, timestamp, response code, credits used) are retained for up to 90 days for debugging and billing verification
  • Credit transaction records are retained for a minimum of 5 years for financial compliance
  • Upon account deletion, personal data is removed within 30 days, except where retention is required by law

Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate personal information
  • Deletion: Request deletion of your account and associated data
  • Portability: Request a copy of your personal information in a structured format
  • Objection: Object to the processing of your personal information
  • Withdrawal of Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us using the information provided below.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enable and enhance your experience:

  • Essential Cookies: Required to maintain your login session and API key state
  • Analytics Cookies: Help us understand how visitors use our website (aggregated, anonymised)
  • Preference Cookies: Remember your dark/light mode and other UI preferences

You can control cookies through your browser settings, but disabling essential cookies will prevent you from staying signed in.

Children's Privacy

Our services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that such transfers are conducted in accordance with applicable data protection laws and that appropriate safeguards are in place to protect your personal information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Contact Us

Visit our contact page to send us a message regarding privacy matters

← Back to Home