Herax Stores ("we," "our," or "us") operates the Herax API and its associated services (the "Service"). This Privacy Policy provides comprehensive information on how we collect, use, disclose, and protect your information when you use any of our APIs, including authentication, ranking, moderation, appeals, and any future variations. We are committed to full transparency and compliance with privacy laws worldwide, including GDPR, CCPA/CPRA, and CalOPPA.
1. Information We Collect
We may collect various types of information depending on how you interact with our Service:
- Account & Profile Data: Unique identifiers (UserID, usernames), display names, avatars or profile images, and other public information necessary for personalized services, rankings, and moderation.
- Technical Data: IP address (IPv4), device information, operating system, browser type, access logs, request timestamps, and other connection-related data. This helps maintain security, monitor usage, and prevent misuse.
- Service-Specific Data: Moderation data (reports, enforcement actions), appeal submissions (including text explanations and any attachments), and other content you provide while interacting with the Service.
We do not intentionally collect sensitive information like financial details, government IDs, or biometric data.
2. How We Use Your Information
Collected data is used for multiple purposes, including:
- Authentication & Access Control: Verifying account ownership and ensuring authorized access to our APIs.
- Service Functionality: Supporting rankings, moderation, appeals, and other API features accurately.
- Security & Fraud Prevention: Detecting, preventing, and responding to security incidents, unauthorized access, or malicious activity.
- Compliance: Ensuring legal obligations are met and Terms of Service are enforced.
- Service Improvement: Analyzing trends, troubleshooting issues, and enhancing user experience and API performance.
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA):
- Consent: Provided when authorizing use of the API.
- Contract: Necessary to deliver requested services.
- Legitimate Interests: Ensuring security, fraud prevention, and proper Service operation.
- Legal Obligation: Compliance with laws and regulations.
4. Data Retention
- Personal data is retained only as long as necessary for the Service.
- Data is deleted within 90 days following account deletion or appeal resolution.
- Technical and usage data may be retained longer for anonymized analytical purposes.
5. Data Sharing & Disclosure
- Service Providers: Vercel and Cloudflare process data strictly for operational purposes under Data Processing Agreements (DPAs) to ensure GDPR compliance.
- Legal Requirements: Disclosure may occur to comply with laws, regulations, or legal requests.
- Business Transfers: In case of mergers or acquisitions, data may be transferred with equivalent protections.
6. International Transfers
Your data may be processed or stored outside your country. We ensure appropriate safeguards, including standard contractual clauses, to maintain compliance with GDPR and other applicable laws.
7. User Rights
- GDPR Rights: Access, correction, deletion, restriction, portability, objection, and complaint rights.
- CCPA/CPRA Rights: Right to know, delete, opt out of sharing/sale (not sold), and non-discrimination.
- Data Subject Access Requests (DSARs): Users can submit requests to access, correct, or delete personal data by contacting [email protected].
8. Cookies and Tracking Technologies
Our services may use cookies and similar technologies to enhance user experience, analyze usage patterns, and provide functionality. Users can manage their cookie preferences through their browser settings.
9. Security Measures
We employ technical and organizational safeguards, including:
- TLS/HTTPS encryption
- Network protection and DDoS mitigation via Cloudflare
- Access control and monitoring
- Regular security audits
No system is completely secure; absolute protection cannot be guaranteed.
10. Children's Privacy
Our Service is not intended for children under 13 or the minimum legal age in your jurisdiction. We do not knowingly collect such information. If discovered, we delete it promptly.
11. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in practices, services, or legal requirements. Updates will be posted with the new "Last Updated" date. Continued use constitutes acceptance.
12. Contact Information
For questions, concerns, or to exercise your rights: