Privacy Policy

Last updated: May 14, 2026

Effective date: 2026-05-14
Last updated: 2026-05-14

This Privacy Policy explains how datacaiman (“we”, “us”, “our”) collects, uses and shares personal data when you use datacaiman.com and related services (the “Service”).

We are committed to protecting your privacy and handling your personal data in a transparent and secure way.

If you have any questions, contact us at:

Controller: datacaiman
Email: [email protected]

1. Who we are and scope

datacaiman is an API platform that provides programmatic access to publicly available web data — including search engines, social media, real estate listings, and more — through a credit-based API.

This policy applies when you:

  • Visit datacaiman.com
  • Create an account and use the Service
  • Make API calls using your API keys
  • Communicate with us (e.g. by email)

2. What data we collect

2.1 Data you provide directly

  • Account data:

    • Email address
    • Password (stored as a hash) or authentication data from a third-party identity provider (if you use OAuth)
    • Display name

  • API keys:

    • Names you assign to your API keys (stored alongside a hash of the key; we do not store the plaintext key after creation)

  • Support and communication data:

    • Emails you send us
    • Other information you voluntarily provide when you contact us

2.2 Data we collect automatically

When you use the Service, we may automatically collect:

  • IP address
  • Browser type and version
  • Operating system
  • Referring URLs
  • Date and time of access
  • Basic usage events (e.g. pages visited)

When you make API calls, we also log technical metadata about each request (such as which endpoint was called, outcome, and timing) for billing, security and service improvement purposes.

We use this information to operate, secure, bill, and improve the Service.

2.3 Payment and billing data

We use third-party payment providers (Polar or Stripe) to handle payments and subscriptions.

  • We do not store your full payment card details on our own servers.
  • The payment provider processes your payment information in accordance with its own privacy policy.
  • We may receive limited billing information, such as billing name, partial card details (e.g. last 4 digits), and transaction dates and status.

We process your personal data for the following purposes and legal bases:

  1. To provide and operate the Service

    • Creating and managing your account and API keys
    • Tracking credit consumption and enforcing plan limits
    • Processing payments and managing subscriptions
      Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)

  2. To secure and maintain the Service

    • Preventing abuse and unauthorized access
    • Monitoring performance and availability
    • Detecting and investigating errors and incidents
      Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

  3. To improve the Service

    • Analyzing usage patterns
    • Developing new endpoints and features
      Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); where required for certain analytics cookies, your consent (Art. 6(1)(a) GDPR)

  4. To communicate with you

    • Responding to support requests
    • Sending important service-related emails (e.g. billing, security, critical changes)
      Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) and legitimate interests (Art. 6(1)(f) GDPR)

  5. To comply with legal obligations

    • Accounting, tax and regulatory requirements
    • Responding to lawful requests from authorities
      Legal basis: Legal obligation (Art. 6(1)(c) GDPR)

4. API call logs

We log technical metadata for each API call made using your key for billing, security and debugging purposes. We retain these logs for as long as your account is active and for a reasonable period thereafter.

5. How we share personal data

We may share personal data with:

  1. Service providers / processors

    • Hosting and infrastructure providers
    • Payment processors and subscription management services
    • Analytics and logging providers
    • Customer support tools

    These providers process data on our behalf and only as instructed by us.

  2. Legal and regulatory authorities

    • Where required to comply with applicable laws or to respond to lawful requests.

  3. Business transfers

    • In connection with a merger, acquisition or sale of all or part of our business, personal data may be transferred as part of the transaction, subject to appropriate safeguards.

We do not sell your personal data.

6. International transfers

Our service providers may be located in countries outside your jurisdiction. When personal data is transferred outside the European Economic Area (EEA), we take appropriate measures to ensure an adequate level of protection, such as relying on adequacy decisions or using standard contractual clauses approved by the European Commission.

7. Data retention

We keep personal data only for as long as necessary for the purposes described in this policy, including:

  • While you have an active account
  • For a reasonable period after account closure, for legal obligations (e.g. tax, accounting), dispute resolution, and security purposes

API call logs are retained for the duration of your account and for a reasonable period after closure. You can request deletion of your account and associated data at any time.

We may retain aggregated, anonymized information that does not identify you for longer periods.

8. Your rights (GDPR)

If you are in the EU/EEA or a similar jurisdiction, you may have the following rights, subject to conditions and limitations:

  • Right of access – to know whether we process your data and obtain a copy
  • Right to rectification – to correct inaccurate or incomplete data
  • Right to erasure – to request deletion of your personal data
  • Right to restrict processing – to limit how we use your data in certain cases
  • Right to data portability – to receive your data in a structured, commonly used format
  • Right to object – to object to processing based on legitimate interests
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time

To exercise your rights, contact us at [email protected]. You also have the right to lodge a complaint with your local data protection authority.

9. Security

We take reasonable technical and organizational measures to protect personal data, including:

  • Encryption in transit (HTTPS)
  • API keys stored as hashes — the plaintext key is shown only once at creation
  • Passwords stored using strong hashing algorithms
  • Limiting access to personal data to personnel and providers who need it

No system is completely secure, but we work to reduce the risk of unauthorized access or disclosure.

10. Children

The Service is not intended for children under 16 years of age, and we do not knowingly collect personal data from children under 16. If you believe a child has provided us personal data, please contact us so we can delete it.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page indicates when it was last revised. If we make significant changes, we may notify you via the Service or by email, where appropriate.

If you continue to use the Service after changes take effect, you accept the updated policy.