How EazeMyAPI collects, stores, and protects your data — and the data of your users. Transparent, plain-language, no legalese.
Last updated: June 1, 2026
The short version: Your data belongs to you. We store only what is necessary to operate the platform. We never sell your data or your users' data to third parties. You can delete everything at any time. We support GDPR rights for users in the EU and EEA.
EazeMyAPI collects the minimum data necessary to provide, operate, and improve the platform. We do not collect data speculatively.
When you create an account, we collect your email address, name (optional), and a hashed password. We do not store plain-text passwords at any point.
We collect API request logs including endpoint called, HTTP status code, response time, timestamp, and the API key used. We do not log request or response bodies by default. Request body logging can be enabled per project from your dashboard for debugging purposes and is stored for a maximum of 7 days.
Paid plan billing is processed by our payment provider. We store your plan tier, billing cycle, and invoice history. We do not store credit card numbers — those are held exclusively by the payment processor under their own PCI-DSS compliance.
Your database schema, table definitions, and any data you store via your API endpoints are stored in your isolated project database. This is your data, not ours.
We collect anonymized, aggregate usage metrics — total requests per day, error rates, feature adoption — to understand how the platform is used and where to invest engineering effort. This data cannot be linked back to individual users or projects.
We use your data for the following purposes only:
We do not use your data for advertising, profiling, or any purpose not listed above.
When you build a product on EazeMyAPI, your end users may register accounts and store data through your API. This section explains how that data is handled.
In privacy law terms, you are the data controller for your users' data. EazeMyAPI acts as a data processor — we process data on your behalf according to your instructions (your schema and API configuration). Your privacy policy should inform your users about how their data is handled.
We will never contact, market to, or communicate directly with your end users. We do not have access to your users' email addresses unless they are explicitly stored in your project schema, and even then we do not use them.
We use a limited number of infrastructure sub-processors (cloud hosting, database services) to operate the platform. All sub-processors are bound by data processing agreements and operate under equivalent data protection standards. Contact privacy@eazemyapi.com for a full list of current sub-processors.
Project data is stored in isolated relational databases hosted on cloud infrastructure. By default, data is stored in servers located in India. Paid plans may request data residency in other regions including the EU, US, or Singapore.
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Database encryption keys are managed by the platform's key management service and are rotated annually.
Access to production databases is restricted to a small number of engineering staff on a need-to-know basis, requires multi-factor authentication, and is fully audited. No EazeMyAPI employee has standing access to your project data — access requires an active justification and is reviewed.
EazeMyAPI supports the rights of individuals under the General Data Protection Regulation (GDPR) for users in the EU and EEA. If you are a user located in the EU/EEA, you have the following rights regarding your personal data:
Request a copy of the personal data we hold about you.
Request correction of inaccurate or incomplete personal data.
Request deletion of your personal data ("right to be forgotten").
Request that we restrict processing of your data in certain circumstances.
Request your data in a machine-readable format for transfer to another service.
Object to processing of your data based on legitimate interests.
To exercise any of these rights, email privacy@eazemyapi.com. We will respond within 30 days. Identity verification may be required before we can process sensitive requests.
For GDPR purposes, EazeMyAPI (operated by Yogi Technolabs Pvt. Ltd.) is the data controller for account and usage data. Our legal basis for processing is (a) contractual necessity for operating the platform, and (b) legitimate interests for security and fraud prevention.
When you delete a project from your dashboard, the project database, all schema definitions, all API keys, and all stored data within that project are permanently deleted within 30 days. Deletion is irreversible. We recommend exporting your data before deleting a project.
When you close your EazeMyAPI account, all projects and their associated data are scheduled for permanent deletion within 30 days. Your email address is retained in a suppression list to prevent accidental re-registration and to honor any opt-out preferences, but all other personal data is deleted.
Some records may be retained beyond the deletion period where required by law — for example, billing records may be retained for 7 years for tax compliance. These records are the minimum necessary and do not include project data or API content.
If you require deletion of your data sooner than the standard 30-day window, contact privacy@eazemyapi.com and we will process the request within 72 hours.
EazeMyAPI does not sell, rent, license, or otherwise transfer your personal data or your users' data to third parties for commercial purposes. This is not a legal technicality — it is a core commitment.
We do not participate in data broker markets. We do not share data with advertising networks. We do not use your project data to train AI models. Our business model is subscription revenue from builders who use the platform — your data is never part of how we make money.
This commitment applies equally to anonymized or aggregated data derived from your projects. We do not sell aggregate usage patterns, schema structures, or any derivative of your project data.
For privacy questions, GDPR rights requests, data deletion, or sub-processor inquiries:
If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.
This privacy page does not constitute a legally binding privacy policy. For the full legal privacy policy, see our Privacy Policy. For terms of service, see our Terms of Service.