Features Pricing Blog Get API Key

Privacy Policy

Last updated: March 22, 2026  ·  WasteCalc API — wastecalcapi.com

The short version: We collect the minimum data needed to run the service. We never sell it. We store it securely. You can request deletion at any time by emailing [email protected].

📋 Information We Collect

We collect only the information necessary to provide and improve the WasteCalc API service.

Account Information

When you register for an API key, we collect your email address and a password (stored as a bcrypt hash — we never see the plaintext). You may optionally provide a name or company name.

API Usage Logs

Every API call is logged with the following data: timestamp, endpoint called, HTTP status code, response time in milliseconds, and your API key ID (not the full key). We do not log request payloads or response bodies in persistent storage.

Payment Information

Billing is handled entirely by Stripe. We never see or store your full credit card number. Stripe provides us with a customer ID and subscription status. You can review Stripe's privacy policy at stripe.com/privacy.

Technical Data

Standard server logs may capture your IP address and user agent. These are used for abuse prevention and rate limit enforcement, not for tracking or profiling.

⚙️ How We Use Information

We use the information we collect for these specific purposes — nothing else:

  • Provide the API service — authenticate your requests, enforce rate limits, and return accurate estimates.
  • Billing — track usage against your plan quota and process payments through Stripe.
  • Abuse prevention — detect and block patterns consistent with scraping, credential stuffing, or API abuse.
  • Product improvement — aggregate, anonymized usage patterns (e.g., which endpoints are called most) help us prioritize what to build next.
  • Transactional emails — billing receipts, plan limit warnings, and security alerts. No marketing emails unless you opt in.

🗄️ Data Storage

All persistent data is stored in a PostgreSQL database encrypted at rest using AES-256. Database backups are also encrypted.

Request rate-limit counters are stored in Redis. Redis data is ephemeral — it is not backed up and expires automatically. No personal data is stored in Redis beyond your hashed API key ID for rate tracking.

Our infrastructure is hosted in US-based data centers. If you require data residency outside the US, contact us before signing up.

🤝 Data Sharing

We do not sell, rent, or trade your personal data. Period.

We share data with the following third parties only as necessary to operate the service:

Vendor Purpose Data Shared
Stripe Payment processing Email, billing address (for invoices)
Cloud hosting provider Infrastructure All stored data (encrypted at rest)

We may disclose data if required by law, such as in response to a valid court order or government subpoena. We will notify you if legally permitted to do so.

🗑️ Retention

We keep your data for the shortest time reasonably necessary:

  • Account data — retained for 90 days after you cancel or delete your account, then permanently deleted. This window exists in case you want to recover your account or dispute a billing charge.
  • API usage logs — retained for 30 days, then automatically purged. This covers one full billing cycle for dispute resolution.
  • Billing records — retained for 7 years as required by tax and accounting regulations. These are Stripe-held records and contain only transaction metadata, not payment card data.

🔒 Security

We take security seriously and apply industry-standard protections:

  • Transport — all API traffic is encrypted over TLS 1.2+ (HTTPS). Plain HTTP connections are rejected.
  • Passwords — hashed using bcrypt with a work factor tuned to current hardware.
  • Database — encrypted at rest using AES-256.
  • API keys — displayed only once at creation. We store only a hashed version. If you lose your key, you must rotate it.
  • Access control — production database access requires VPN + SSH key authentication. No password-based remote access.

If you discover a security vulnerability, please disclose it responsibly by emailing [email protected] before public disclosure.

Your Rights

You have the following rights regarding your personal data. Email [email protected] for any of these requests and we'll respond within 5 business days.

  • Access — request a copy of all personal data we hold about you.
  • Deletion — request permanent deletion of your account and all associated data. We'll honor this within 30 days (or sooner) minus legally required retention.
  • Export — request your account data in a machine-readable format (JSON).
  • Correction — request correction of inaccurate data (e.g., wrong email or company name).
  • Opt-out — unsubscribe from any non-transactional emails at any time via the unsubscribe link or by emailing us.

🍪 Cookies

We use cookies only for session management on the account dashboard. A single session cookie is set after login and expires when you close your browser or log out.

We do not use tracking cookies, advertising cookies, or third-party analytics that track you across sites. No Google Analytics, no Meta Pixel, no third-party tracking scripts on this site.

✉️ Contact

Questions, requests, or concerns about this privacy policy? We're humans who actually read email.

WasteCalc API
Email: [email protected]

If we make material changes to this privacy policy, we'll email registered users at least 14 days before the change takes effect.

Be First to Get Access

WasteCalc API is in private beta. Join the waitlist and we'll notify you when your account is ready.