Legal

Privacy Policy

Last updated: March 13, 2026

1. Overview

FaviconAPIs ("we," "us," or "our") operates the website located at faviconapis.com and the associated API service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services. Please read this policy carefully.

2. Information We Collect

Account information. When you register, we collect your name, email address, and (if using password auth) a hashed password. If you sign in with Google, we receive your name, email, and profile picture from Google.

Usage data. We log API requests including timestamps, the URL parameter passed, response status codes, and your API key identifier. We do not log the content of the favicons we retrieve on your behalf.

Billing information. Payment processing is handled by Stripe. We do not store your card number or payment details on our servers. We receive a customer ID and subscription status from Stripe.

Technical data. Standard web server logs including IP address, browser type, referring URL, and pages visited. This information is used for security and to diagnose technical issues.

3. How We Use Your Information

  • Provide, operate, and maintain the FaviconAPIs service
  • Process transactions and send related billing information
  • Send transactional emails (account verification, password reset)
  • Monitor usage to enforce plan limits and prevent abuse
  • Improve and personalize the service
  • Respond to support requests and inquiries
  • Comply with legal obligations

4. Third-Party Services

We share data with the following third parties only as necessary to operate the service:

Google OAuthUsed for social sign-in. Subject to Google's Privacy Policy.
StripePayment processing. Card data never touches our servers.
DigitalOcean SpacesCDN storage for processed favicon images.
PostmarkTransactional email delivery (verification, billing notices).
MongoDB Atlas / RailwayHosted database for account and usage data.

We do not sell your personal data to any third party.

5. Data Retention

Account data is retained for as long as your account is active. API request logs are retained for up to 90 days for debugging and abuse prevention. Cached favicon images are retained in CDN storage for 7 days per item, after which they are re-fetched on next request. You may request deletion of your account and associated data at any time by contacting us.

6. Cookies & Tracking

We use session cookies for authentication (managed by NextAuth.js) and do not use third-party advertising or analytics cookies. We do not run Google Analytics, Meta Pixel, or similar tracking tools. The only cookies set are strictly necessary for maintaining your authenticated session.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data; object to or restrict certain processing; and data portability. To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

8. Security

We use industry-standard measures including TLS encryption in transit, hashed passwords (bcrypt), and access-controlled infrastructure. No system is 100% secure; we cannot guarantee absolute security but will notify affected users of any confirmed data breach in accordance with applicable law.

9. Children's Privacy

FaviconAPIs is not directed to children under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the service after any changes constitutes acceptance of the updated policy.

11. Contact

Questions about this Privacy Policy? Contact us at [email protected].

Terms of Service← Back to home