Privacy Policy — FeedOracle

Summary: We collect minimal data, host everything in Germany (EU), never sell your data, and comply fully with GDPR.

1. Data Controller & Processor Roles

FeedOracle operates in two GDPR roles depending on context. For standard API usage, FeedOracle is the data controller. For enterprise integrations where customers send data to FeedOracle for processing, FeedOracle acts as data processor under a DPA.

Location: Germany (EU)
Contact: privacy@feedoracle.io
DPA: Download DPA Template

2. Data We Collect

Account Data

Email address (for API key delivery)
API keys (generated identifiers)

Usage Data

API request logs (endpoint, timestamp, response code)
IP addresses (for rate limiting, deleted after 30 days)
Request IDs (for support troubleshooting)

Data We Do NOT Collect

Payment card details (processed by third-party)
Personal identification documents
Tracking cookies for advertising

3. How We Use Data

Provide and maintain our API services
Send transactional emails (API keys, alerts)
Enforce rate limits and prevent abuse
Improve service quality and fix issues
Comply with legal obligations

4. Legal Basis (GDPR)

Contract: Processing necessary for service delivery
Legitimate Interest: Security, fraud prevention, analytics
Legal Obligation: Tax records, compliance requirements
Consent: Marketing emails (if opted in)

5. Data Retention

Account data: Until account deletion + 30 days
API logs: 90 days
IP addresses: 30 days
Invoices: 10 years (legal requirement)

6. Data Location & Transfers

Primary data storage is in Germany (EU). CDN routing metadata (request headers, IP addresses) may transit globally via Cloudflare for DDoS protection. Personal data is not intentionally transferred outside the EU/EEA.

7. Data Sharing

We do not sell your data. We share data only with:

Hosting provider: netcup GmbH (Germany)
CDN/Security: Cloudflare (GDPR DPA in place)
Legal authorities: When required by law

8. Your Rights (GDPR)

You have the right to:

Access: Request a copy of your data
Rectification: Correct inaccurate data
Erasure: Delete your data ("right to be forgotten")
Portability: Receive data in machine-readable format
Object: Object to certain processing
Withdraw consent: At any time

Contact privacy@feedoracle.io to exercise your rights.

9. Security

TLS 1.2+ encryption in transit
Encrypted storage at rest
Regular security audits
Access controls and logging

10. Cookies

FeedOracle uses only strictly necessary cookies. No tracking, advertising, or analytics cookies.

cc — Cookie consent acknowledgment (persistent, essential)
session — Dashboard session if logged in (session, essential)

Cloudflare may set __cf_bm for DDoS protection (strictly necessary under GDPR). No third-party tracking cookies are set.

11. Changes

We may update this policy. Significant changes will be notified via email or website notice.

12. Contact

Privacy inquiries: privacy@feedoracle.io

Supervisory Authority: You may lodge a complaint with your local data protection authority.