Privacy Policy

Last updated: 27 December 2025

1. Introduction

This Privacy Policy explains how Holdify ("we", "us", or "our") collects, uses, and protects personal data when you use our website, API, and related services (the "Service"). Holdify is API access control for subscription businesses that helps developers manage API keys, enforce rate limits, and track usage.

By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Data Controller

The data controller for the personal data processed through the Service is:

  • Company: Holdify
  • KvK: 96365323
  • VAT ID: NL005205735B40
  • Email: privacy@holdify.io

3. Data We Collect

3.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • Organization name
  • Billing information (processed by our payment provider)

3.2 Service Data

When you use our API, we process:

  • API key identifiers (not the full key after creation)
  • Request metadata (timestamps, IP addresses, user agents)
  • Usage metrics (request counts, rate limit events)
  • Audit logs (key creation, rotation, revocation events)

3.3 What We Do NOT Collect

We do not collect or store:

  • Your customers' personal data or API request payloads
  • Payment card numbers (handled by your payment provider)
  • Passwords (we use secure authentication providers)

3.4 Cookies and Analytics

We use essential cookies for session management and optional analytics (Google Analytics) to understand how visitors use our website. You can disable analytics cookies in your browser settings.

4. How We Use Your Data

We use your data to:

  • Provide, maintain, and improve the Service
  • Process API verification requests
  • Enforce rate limits and usage quotas
  • Generate usage reports and audit logs
  • Send service-related communications
  • Respond to support requests
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

5. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract: Processing necessary to provide the Service you requested
  • Legitimate interests: Security, fraud prevention, service improvement
  • Consent: Marketing communications (you can opt out anytime)
  • Legal obligation: Compliance with applicable laws

6. Data Sharing and Sub-processors

We share data only with service providers necessary to operate the Service:

  • Cloudflare: Hosting, CDN, and security (USA/EU)
  • Payment Providers: Payment processing and subscription management (Polar, Stripe, etc.)
  • MailerLite: Email communications (EU)
  • Google Analytics: Website analytics (USA)

We do not sell your personal data to third parties.

7. International Data Transfers

Some of our sub-processors are located outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adequacy decisions where applicable.

8. Data Retention

We retain data for the following periods:

  • Account data: Until account deletion, plus 30 days
  • Usage data: According to your plan's retention period (3-90 days)
  • Audit logs: According to your plan's retention period
  • Billing records: 7 years (legal requirement)

9. Your Rights

Under GDPR and similar laws, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a portable format
  • Object: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent

To exercise these rights, contact us at privacy@holdify.io. You also have the right to lodge a complaint with your local data protection authority.

10. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), encryption at rest, access controls, and regular security assessments. For more details, see our Security page.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. Continued use after changes constitutes acceptance of the updated policy.

12. Contact

For privacy-related inquiries, contact us at privacy@holdify.io.