Privacy Policy

Your privacy is important to us. This policy explains how we handle your data.

Effective Date: March 10, 2026

1. Data Controller and Data Processor

Igniral is operated by an individual (persona física con actividad empresarial) based in Mexico. For any questions regarding data protection, you can contact us at:

Role Distinction: For your Account, Usage, and Payment Information, Igniral acts as the Data Controller. However, for any Service Data (including files uploaded to your endpoints and API User Data), you are the Data Controller and Igniral acts solely as a Data Processor on your behalf.

As a smaller business, we do not have a designated Data Protection Officer, but we take data protection seriously and will respond to all privacy-related inquiries within 30 days.

2. Information We Collect

We collect different types of information depending on how you interact with our services:

2.1 Account Information

  • Registration Data: Email address, name, and password (hashed and never stored in plain text)
  • Authentication Data: Two-factor authentication (2FA/TOTP) secrets if enabled
  • Profile Information: Any additional information you voluntarily provide

2.2 Service Data

  • Application Configurations: API schemas, endpoint definitions, access control rules you create.
  • Stored Data and Files: Any data you store through your APIs, including files uploaded to file endpoints. You retain all rights and full responsibility for this data. By uploading files or data, you represent and warrant that you have all necessary legal rights, consents, and permissions to store and process such information on our platform.
  • API User Data: Information about users you create within your private applications.

2.3 Usage Information

  • API Metrics: Request counts, latency, error rates, and endpoint usage statistics
  • Log Data: IP addresses, browser type, access times, and pages viewed
  • Feature Usage: Information about which features and tools you use

2.4 Payment Information

  • Billing Data: Processed securely through Stripe. We do not store your complete credit card numbers on our servers.
  • Transaction Records: Subscription history, payment dates, and invoice information

3. AI and Automated Processing

Igniral uses artificial intelligence to enhance your experience:

  • AI Schema Builder: Our AI analyzes your input to suggest optimal API schema structures. This processing is done to provide the service you requested.
  • Smart Type Inference: Automatic field type suggestions based on attribute names.

AI processing is performed solely to provide requested features. We do not use your data to train AI models without explicit consent, and AI-generated suggestions are always subject to your review and approval.

4. File Upload, Malware Scanning, and Content Responsibility

You are solely responsible for the content, legality, reliability, and appropriateness of all files you upload to your endpoints. You agree not to upload highly sensitive regulated data (such as HIPAA-protected health information or full PCI-DSS credit card data) within your files.

When you upload files to your file endpoints, we perform automated malware scanning to protect our platform and users. This scanning:

  • Analyzes files for known malware signatures and suspicious patterns.
  • May reject or delete files that are identified as potentially harmful.
  • Is performed in automated systems without human review of file contents.

We do not claim ownership, access, or review the contents of your files unless explicitly required by law, court order, or to investigate severe security incidents.

5. Legal Basis for Processing

We process your data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the services you signed up for (account management, API hosting, data storage)
  • Legitimate Interests: Service improvement, security monitoring, fraud prevention, and platform analytics
  • Legal Obligations: Compliance with applicable laws, tax requirements, and lawful government requests
  • Consent: For optional features like marketing communications (which you can withdraw at any time)

6. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and manage your subscription
  • Send technical notices, updates, security alerts, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze usage trends and platform performance
  • Detect, investigate, and prevent fraudulent or unauthorized activities
  • Enforce our Terms of Service and other policies

7. Data Sharing and Third Parties

We minimize data sharing and only work with essential service providers:

7.1 Payment Processing

Stripe, Inc. processes all payment transactions. When you subscribe to a paid plan, your payment information is transmitted directly to Stripe. Please review Stripe's Privacy Policy for details on how they handle your information.

7.2 Infrastructure Providers

Google Cloud Platform (GCP) hosts our services. Data is stored in the following regions:

  • us-central1 (Iowa, USA)
  • northamerica-south1 (Mexico)

Google acts as a data processor under our instructions and maintains comprehensive security certifications (ISO 27001, SOC 2, etc.).

7.3 We Do NOT:

  • Sell your personal data to third parties
  • Share your data with advertisers
  • Use third-party analytics or tracking services for advertising purposes

7.4 Legal Disclosure

We may disclose your information if required by law, court order, or government request, or to protect the rights, property, or safety of Igniral, our users, or others.

8. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: All data transmitted between you and our servers uses TLS/HTTPS encryption
  • Encryption at Rest: Data stored on our servers is encrypted using AES-256 encryption
  • Password Security: Passwords are hashed using secure algorithms (never stored in plain text)
  • 2FA Support: Two-factor authentication available for enhanced account security
  • Access Controls: Strict authentication and authorization mechanisms
  • Rate Limiting: Protection against brute force and abuse attacks
  • Regular Audits: Security assessments and vulnerability monitoring

8.1 Data Breach Notification

In the event of a data breach that affects your personal information:

  • EU Users (GDPR): We will notify the relevant supervisory authority within 72 hours and affected users without undue delay
  • California Users (CCPA): We will notify affected residents within 30 calendar days of discovery
  • All Users: We will notify you promptly and provide guidance on protective measures

While we implement robust security measures, no system is 100% secure. We encourage you to use strong passwords and enable 2FA.

9. Data Retention

We retain your data for the following periods:

  • Account Data: Retained while your account is active and for 30 days after deletion request to allow recovery
  • Service Data: Retained while your account is active; deleted upon account deletion
  • Usage Logs: Retained for up to 90 days for security and analytics purposes
  • Transaction Records: Retained for 7 years to comply with tax and financial regulations
  • Backups: Retained for up to 30 days for disaster recovery purposes

You may request data deletion at any time through your account settings or by contacting us directly.

10. Cookies and Session Management

We use essential cookies and similar technologies to operate our services:

  • Session Cookies: To maintain your login state and authentication
  • Security Tokens: JWT tokens for API authentication and access control
  • CSRF Protection: Cookies to prevent cross-site request forgery attacks
  • Preferences: To remember your settings and preferences

We do not use third-party tracking cookies for advertising purposes. All cookies we use are essential for service functionality.

11. Your Rights

Regardless of your location, we provide you with the following rights regarding your personal data:

  • Access: Request a copy of the personal information we hold about you
  • Rectification: Request correction of inaccurate, incomplete, or outdated personal information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Portability: Request export of your data in a machine-readable format
  • Restriction: Request limitation of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw previously given consent at any time

To exercise these rights, contact us at privacy@igniral.com. We will respond within 30 days.

12. Information for European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation:

  • Right to Lodge a Complaint: You have the right to file a complaint with your local data protection authority
  • International Transfers: Your data is stored in North American data centers (USA and Mexico). We ensure appropriate safeguards are in place for any data transfers.

By using our services from the EEA, you acknowledge that your data will be transferred to and processed in North America.

13. Information for California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights:

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you
  • Right to Correct: You have the right to request correction of inaccurate personal information
  • Right to Delete: You have the right to request deletion of your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
  • No Sale of Data: We do not sell your personal information to third parties as defined under the CCPA
  • Global Privacy Control: We honor Global Privacy Control (GPC) signals. If your browser or device sends a GPC signal, we will treat it as a valid opt-out request

To exercise your CCPA/CPRA rights, contact us at privacy@igniral.com.

14. Aviso de Privacidad para México (LFPDPPP)

En cumplimiento con la Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP), informamos lo siguiente:

14.1 Identidad, Domicilio y Roles del Tratamiento

Igniral, operado por una persona física con actividad empresarial con domicilio en México. Para efectos de esta política:

  • Como Responsable: Igniral decide sobre el tratamiento de los datos de su cuenta, facturación y uso de la plataforma.
  • Como Encargado: Respecto a los archivos, bases de datos y registros que usted sube o procesa a través de sus APIs (Service Data), Igniral actúa únicamente como Encargado del tratamiento. Usted es el Responsable legal frente a los titulares de esa información y garantiza contar con las bases legales para transferirnos dichos datos para su alojamiento.

Para cualquier asunto relacionado con el tratamiento de sus datos personales, puede contactarnos a:

14.2 Datos Personales Recabados

Recabamos los siguientes datos personales:

  • Datos de identificación: Nombre completo, correo electrónico
  • Datos de autenticación: Contraseña (cifrada), secretos de 2FA
  • Datos de uso: Direcciones IP, métricas de API, configuraciones de aplicaciones
  • Datos financieros: Información de facturación procesada a través de Stripe

No recabamos datos personales sensibles (origen racial, estado de salud, orientación sexual, creencias religiosas, etc.).

14.3 Finalidades del Tratamiento

Finalidades Primarias (necesarias para el servicio):

  • Crear y administrar su cuenta de usuario
  • Proporcionar los servicios de API que usted contrate
  • Procesar pagos y gestionar suscripciones
  • Enviar notificaciones técnicas y de seguridad
  • Atender solicitudes de soporte técnico

Finalidades Secundarias (opcionales):

  • Enviar comunicaciones promocionales sobre nuevas funcionalidades
  • Realizar análisis estadísticos para mejorar el servicio

Si no desea que sus datos sean tratados para finalidades secundarias, puede manifestar su negativa enviando un correo a privacy@igniral.com con el asunto "Negativa Finalidades Secundarias".

14.4 Transferencias de Datos

Sus datos personales pueden ser transferidos a:

  • Stripe, Inc. (Estados Unidos) - Para procesamiento de pagos
  • Google Cloud Platform (Estados Unidos y México) - Para alojamiento de infraestructura

Estas transferencias se realizan conforme a los artículos aplicables de la LFPDPPP y sus reglamentos. Al utilizar nuestros servicios, usted consiente estas transferencias.

14.5 Derechos ARCO

Usted tiene derecho a:

  • Acceso: Conocer qué datos personales tenemos y cómo los usamos
  • Rectificación: Solicitar la corrección de datos incorrectos, incompletos o desactualizados
  • Cancelación: Solicitar la eliminación de sus datos personales mediante el proceso de bloqueo y supresión
  • Oposición: Oponerse al tratamiento de sus datos para ciertas finalidades

Procedimiento para ejercer derechos ARCO:

  1. Envíe un correo electrónico a privacy@igniral.com
  2. Incluya: nombre completo, correo electrónico registrado, descripción clara del derecho que desea ejercer, y documentos que acrediten su identidad
  3. Responderemos en un plazo máximo de 20 días hábiles
  4. Si la solicitud es procedente, se hará efectiva dentro de los 15 días hábiles siguientes

14.6 Revocación del Consentimiento

Usted puede revocar el consentimiento otorgado para el tratamiento de sus datos personales en cualquier momento, siguiendo el mismo procedimiento descrito para los derechos ARCO. Tenga en cuenta que la revocación puede resultar en la imposibilidad de continuar proporcionándole nuestros servicios.

14.7 Limitación del Uso o Divulgación

Si desea limitar el uso o divulgación de sus datos personales, puede solicitarlo a través de privacy@igniral.com. Confirmaremos su inscripción en nuestro listado de exclusión.

14.8 Autoridad Reguladora

Si considera que su derecho a la protección de datos personales ha sido vulnerado, puede acudir a la Secretaría de Anticorrupción y Buen Gobierno (autoridad competente para recibir denuncias relacionadas con la LFPDPPP).

15. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@igniral.com so we can delete such information.

16. International Data Transfers

Your data is stored and processed in data centers located in:

  • United States: us-central1 (Iowa)
  • Mexico: northamerica-south1 (Querétaro)

If you access our services from outside North America, please be aware that your data will be transferred to and processed in these regions. By using our services, you consent to this transfer.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • We will update the "Effective Date" at the top of this page
  • For significant changes, we will notify you via email or through a prominent notice on our platform

We encourage you to review this policy periodically. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

We aim to respond to all privacy-related inquiries within 30 days.