Back to Headless Oracle

Privacy Policy

Last updated: March 2, 2026

01 Overview

Headless Oracle ("we", "us", "our") operates headlessoracle.com. This privacy policy explains how we collect, use, and protect your information. We are designed with architectural data minimisation — the safest way to handle user data is not to collect it in the first place.

02 What We Collect

  • API key and email address — when you sign up for a paid plan, used for authentication and account management.
  • API usage data — request counts, endpoints called, MIC codes queried, and timestamps. Stored in our audit log for operational integrity.
  • IP address — logged temporarily for rate-limiting and DDoS protection, then purged.
  • Payment information — processed by Paddle, our merchant of record. We do not store card details.

03 What We Don't Collect

  • We do not track individual browsing behaviour on this website.
  • We do not use cookies for advertising or tracking.
  • We do not collect portfolio holdings, trading positions, or account balances.
  • We do not collect wallet addresses or private keys.
  • The demo endpoint requires no personal information whatsoever.

04 How We Use Your Data

  • To provide and maintain the API service.
  • To process payments via Paddle.
  • To communicate service updates and billing information.
  • To enforce rate limits and prevent abuse.
  • To maintain audit logs as evidence of operational integrity (dispute resolution).

05 Data Retention

  • API usage logs are retained for 90 days, then permanently deleted.
  • Account information is retained while your subscription is active.
  • You may request deletion of your data at any time by emailing [email protected].

06 Third Parties

We share data only with the service providers necessary to operate the platform:

Paddle (paddle.com)
Payment processing and merchant of record. Paddle receives billing information and processes payments on our behalf.
Cloudflare (cloudflare.com)
Hosting, CDN, and DDoS protection. Cloudflare processes network requests on our behalf.
Supabase (supabase.com)
Database hosting for API keys and usage logs.
Resend (resend.com)
Transactional email delivery for account and billing notifications.

We do not sell your data to third parties. We do not use your data for advertising.

07 Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting [email protected]. We will respond within 30 days.

08 Changes

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of the service after changes constitutes acceptance.

09 Contact

[email protected]