Privacy Policy

Last Updated: October 22, 2025

1. Introduction

API Pilot ("we", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our product, API Pilot: Interceptor and Mocker ("the Service").

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Password (hashed using bcrypt and securely stored)

2.2 API Request Data

The browser extension intercepts and captures API request data locally on your device. Supported data types include:

  • HTTP Headers
  • Request/Response Bodies (JSON, Text)
  • URLs, Query Parameters, and Timing Information

Important: All intercepted API data is processed and stored locally in your browser using IndexedDB. We do NOT collect, transmit, or store your API data on our servers. Your request history never leaves your device.

2.3 Usage Analytics & Tracking

No Tracking Policy: We do NOT collect, store, or transmit any usage analytics, telemetry data, or behavioral tracking. The extension operates entirely locally.

2.4 Payment Information

Payment processing is handled by Dodo Payments. We do not store your credit card information. We only receive transaction confirmation and subscription status.

2.5 Support Tickets

When you contact support, we store:

  • Your messages and support requests
  • Screenshots you voluntarily upload
  • Ticket metadata (status, priority, category)

3. How We Use Your Information

We use collected information for:

  • Providing and maintaining the Service
  • Processing your subscription and payments
  • Responding to support requests
  • Sending important account notifications
  • Preventing fraud and abuse

4. Data Storage and Security

Local-First Architecture: We implement industry-standard security measures to protect your data:

  • Local Storage: All intercepted API data is stored locally in your browser's IndexedDB.
  • Account security: All account passwords are hashed using bcrypt (never stored in plain text)
  • Transmission security: All communication with our auth/payment servers uses HTTPS/TLS encryption

5. Data Sharing and Third Parties

We do NOT sell your personal information. We only share data with:

  • Dodo Payments: For payment processing (required for subscriptions)
  • Cloud Hosting Provider: For server infrastructure (data is encrypted)
  • Legal Authorities: If required by law or to protect our rights

6. Your Rights and Choices

You have the right to:

  • Access: View your account data at any time
  • Export: Download your stored data directly from the app
  • Delete: Request account deletion (removes all associated server data) or clear local storage
  • Correct: Update your account information

To exercise these rights, contact us at apipilot@nhrdev.com

7. Data Retention

Minimal Data Retention: We retain only the minimum data necessary for service operation:

  • Account data: Until you delete your account
  • Local API Data: Retained on your device until you clear it locally.
  • Support tickets: For 2 years after resolution
  • Payment records: As required by law (typically 7 years)

8. Browser Extension Permissions

Local-Only Operation: Our extension operates entirely within your browser and never transmits your API data to external servers. The extension requires these permissions:

  • Declarative Net Request: To intercept and modify network requests for debugging
  • Active Tab: To inject scripts for request monitoring on the current page
  • Storage: To store your request history locally on your device

These permissions are necessary for core functionality. The extension only accesses your network requests for the purpose of debugging and never collects, tracks, or reports any usage data to external services.

9. Children's Privacy

Our Service is not intended for users under 13 years of age. We do not knowingly collect information from children under 13. If you believe we have collected such information, please contact us immediately.

10. International Users

Our servers are located in Singapore. By using the Service, you consent to the transfer of your information to our servers. We comply with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the new policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for major changes

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: