APIwise
Legal

Privacy Policy

Last updated · 19 June 2026

This notice explains what personal data we collect when you contact APIwise, why we collect it, how long we keep it, and the rights you have under UK data protection law.

Who we are

APIwise(“APIwise”, “we”, “us”) is the data controller for the personal data described in this notice. For any privacy question or to exercise your rights, contact us at hello@apiwise.co.uk.

What we collect

When you submit our enquiry form we collect:

  • Details you provide — your name, company (optional), email address, the type of project, an indicative budget band, and your message.
  • Marketing preference — whether you opted in to receive occasional updates (off by default), and the time you did so.
  • Technical data — a one-way hashedversion of your IP address (we never store the raw IP), your browser's user-agent string, and any campaign (UTM) parameters in the link you arrived from. These are used to prevent abuse and understand which channels work.

How and why we use it (lawful basis)

  • To respond to your enquiry and discuss your project — our lawful basis is legitimate interests (responding to someone who has proactively contacted us about our services). We have assessed that this processing is necessary and does not override your rights.
  • To prevent spam and abuse — legitimate interests in keeping our systems secure (honeypot checks, bot verification via Cloudflare Turnstile, and rate-limiting).
  • To send you marketing updates — only where you have given consent via the optional checkbox. You can withdraw consent at any time by replying to any update or emailing us.

Who we share it with

We do not sell your data. We use a small number of trusted processors to run our service, each under a data-processing agreement:

  • Railway — application hosting, PostgreSQL database and Redis (where your enquiry is stored).
  • Resend — sending the notification to us and the confirmation email to you.
  • Cloudflare — Turnstile bot protection on the form.
  • Plausible Analytics — privacy-friendly, cookieless website analytics (no personal data, no cross-site tracking).
  • Sentry — error monitoring, used only if the application encounters a fault, to help us fix it.

Some of these providers may process data outside the UK. Where they do, we rely on appropriate safeguards (such as the UK International Data Transfer Addendum or equivalent) to protect your data.

How long we keep it

We keep enquiry data for up to 24 months from your last contact, to support our follow-up and sales conversations. After that, non-converting enquiries are deleted or anonymised automatically. If we go on to work together, your details are retained under our client-records basis instead. Technical/anti-abuse data is held only transiently.

Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased;
  • restrict or object to our processing (including profiling);
  • data portability; and
  • withdraw consent at any time, where we rely on consent.

To exercise any of these, email hello@apiwise.co.uk. We will respond within one month.

Complaints

If you have a concern about how we handle your data, please contact us first at hello@apiwise.co.uk— we operate an accessible complaints process and will acknowledge your complaint within 30 days. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint.

Cookies

We use only essential cookies plus cookieless analytics — see our Cookie Policy for details.

Changes to this notice

We may update this notice from time to time. The date at the top shows when it was last revised.