Privacy Policy

1. Who We Are

Yogi Technolabs Pvt. Ltd. ("Company", "we", "us", or "our") is a company incorporated under the laws of India (yogitechnolabs.com). We operate the brand EazeMyAPI, including the website eazemyapi.com and the platform at app.eazemyapi.com (collectively, the "Service"). EazeMyAPI is an AI-powered, no-code backend builder that auto-generates REST APIs from database tables.

For the purposes of applicable data protection laws, Yogi Technolabs Pvt. Ltd. is the data controller with respect to personal data you provide when using our Service.

Contact: For all privacy-related enquiries, write to support@eazemyapi.com or address correspondence to Yogi Technolabs Pvt. Ltd. (EazeMyAPI).

2. Data We Collect

We collect the minimum data needed to deliver and improve the Service.

2.1 Account & Identity Data

Name and email address (collected at registration)
Password (stored as a hashed, salted value — never in plain text)
Profile details you voluntarily add (e.g., company name, role)
OAuth tokens when you sign in via a third-party provider (e.g., Google)

2.2 Usage & Activity Data

Projects, tables, and API schemas you create inside the platform
API request logs including endpoint called, timestamp, HTTP method, response status code, and request payload size (not content)
Feature interactions (button clicks, navigation paths) used to improve UX
Credit balance, usage counts, and plan tier

2.3 Technical & Device Data

IP address at login and on API calls
Browser type and version, operating system
Referring URL and pages visited on our marketing site
Session duration and bounce data via analytics

2.4 Payment Data

We use third-party payment processors. We do not store full credit card numbers, CVVs, or raw payment credentials on our servers. We receive only a payment processor token, last-four card digits, expiry, and billing address for billing records.

2.5 Customer-Stored Data ("User Content")

Data that you or your end-users store in the databases you create through EazeMyAPI (rows, records, files) is your data ("User Content"). We process it solely to operate the Service on your behalf and do not use it for our own analytics, advertising, or any purpose other than providing the Service.

3. How We Collect Data

Source	Examples
Directly from you	Sign-up forms, profile settings, support tickets, survey responses
Automatically	Server logs, cookies, pixels, SDK telemetry when you use the platform
Third-party providers	OAuth login providers (Google), payment processors, analytics tools
Your end-users	Data stored through your application's API calls to EazeMyAPI

4. How We Use Your Data

Provide the Service — authenticate your account, execute your API requests, store your data, send transactional emails (e.g., email verification, password reset)
Billing & Subscriptions — process payments, issue invoices, enforce plan limits, send billing notifications
Security & Fraud Prevention — detect abuse, brute-force attacks, and unauthorized access; enforce rate limits
Product Improvement — aggregate, anonymized analytics to understand feature usage and prioritize roadmap items
Customer Support — respond to your tickets and troubleshoot issues
Legal Compliance — meet obligations under applicable laws, respond to lawful requests from authorities
Marketing Communications — send product updates, feature announcements, or relevant content (only where you have opted in or we have a legitimate interest; you can unsubscribe at any time)

We do not use your personal data to train AI or machine-learning models, nor do we sell it to advertisers or data brokers.

5. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal bases for processing your personal data are:

Purpose	Legal Basis
Account creation and Service delivery	Performance of a contract (Art. 6(1)(b) GDPR)
Payment processing	Performance of a contract (Art. 6(1)(b) GDPR)
Security, fraud prevention	Legitimate interests (Art. 6(1)(f) GDPR)
Analytics and product improvement	Legitimate interests (Art. 6(1)(f) GDPR)
Marketing communications	Consent (Art. 6(1)(a)) or legitimate interests where applicable
Legal obligations	Compliance with legal obligation (Art. 6(1)(c) GDPR)

6. Data Sharing & Disclosure

We do not sell, rent, or trade your personal data. We share data only in the following circumstances:

6.1 Service Providers (Sub-processors)

We engage trusted third-party vendors that process data on our behalf under data processing agreements:

Cloud Hosting: Amazon Web Services (AWS) — servers, databases, object storage
Payment Processing: Stripe or Razorpay — payment collection and fraud detection
Email Delivery: transactional email provider (e.g., SendGrid / Postmark)
Analytics: privacy-respecting analytics (e.g., Plausible / Google Analytics with IP anonymization)
Error Monitoring: Sentry or equivalent for platform stability

6.2 Business Transfers

If EazeMyAPI is involved in a merger, acquisition, asset sale, or restructuring, your data may be transferred. We will notify you before your personal data becomes subject to a different privacy policy.

6.3 Legal Requirements

We may disclose data where required to: (a) comply with a court order, subpoena, or legal process; (b) protect the rights, property, or safety of EazeMyAPI, our users, or the public; (c) investigate suspected fraud or security incidents.

6.4 With Your Consent

We may share data for any other purpose with your explicit prior consent.

7. Cookies & Tracking Technologies

We use cookies and similar technologies (pixels, local storage) on our website and platform. You can control cookies through your browser settings.

Category	Purpose	Can opt out?
Strictly Necessary	Session authentication, CSRF protection, security	No — required for Service to function
Functional	Remember your preferences, UI settings	Yes — disabling may affect experience
Analytics	Understand page traffic and feature usage (anonymized)	Yes — via cookie banner or opt-out link
Marketing	Measure effectiveness of marketing campaigns	Yes — requires consent where required by law

Our marketing site uses a cookie consent banner. When you decline optional cookies, we honor that preference. We do not use advertising networks or behavioral retargeting pixels without your consent.

8. Data Retention

Active accounts: We retain your account data for as long as your account is active.
After deletion: When you delete your account, we will delete or anonymize your personal data within 30 days, subject to legal hold obligations.
Backup copies: Encrypted backup copies may persist for up to 90 days after deletion before being purged from backup rotation.
Financial records: Billing records and invoices are retained for 7 years to comply with accounting and tax regulations.
Security logs: Access and security logs are retained for 12 months for fraud and incident investigation purposes.
User Content: Data you store in your EazeMyAPI databases is deleted immediately on your instruction or within 30 days of account termination.

9. Security

We implement technical and organizational measures to protect your data:

Encryption in transit: All data is transmitted over TLS 1.2 or higher (HTTPS enforced).
Encryption at rest: Databases and storage volumes are encrypted using AES-256.
Access control: Strict role-based access for internal staff; no employee accesses customer data without a logged business justification.
API Key security: API keys are hashed on storage and never returned in full after creation.
Password hashing: Passwords are hashed with bcrypt before storage.
Vulnerability management: We conduct regular dependency audits and security reviews.
Incident response: In the event of a confirmed data breach affecting your personal data, we will notify you within 72 hours of becoming aware (as required by GDPR) or as required by applicable law.

While we take security seriously, no system is completely immune. You are responsible for maintaining the confidentiality of your account credentials and API keys.

10. International Data Transfers

EazeMyAPI operates infrastructure primarily in cloud regions in Asia (AWS Mumbai). If you are located in the EEA, UK, or other regions with cross-border transfer restrictions, your data may be transferred to and processed in countries where data protection laws may differ from your own.

Where required, we rely on appropriate safeguards such as:

EU Standard Contractual Clauses (SCCs) with sub-processors
Adequacy decisions by the European Commission
UK International Data Transfer Agreements (IDTAs) where applicable

By using the Service, you acknowledge this international processing. You may contact us for copies of applicable transfer mechanisms.

11. Your Rights

Depending on your jurisdiction, you may have the following rights over your personal data:

Right	Description
Access	Request a copy of the personal data we hold about you.
Rectification	Correct inaccurate or incomplete data.
Erasure ("Right to be Forgotten")	Request deletion of your personal data, subject to legal retention requirements.
Restriction	Request that we limit processing of your data in certain circumstances.
Portability	Receive your personal data in a structured, machine-readable format.
Objection	Object to processing based on legitimate interests (including marketing).
Withdraw Consent	Withdraw consent at any time where processing is consent-based (without affecting prior lawful processing).
Non-discrimination (CCPA)	California residents will not receive discriminatory treatment for exercising privacy rights.

To exercise any right, email support@eazemyapi.com with the subject line "Privacy Request". We will respond within 30 days (or as required by applicable law). We may need to verify your identity before fulfilling a request.

If you are in the EEA, you have the right to lodge a complaint with your local data protection authority (DPA). We encourage you to contact us first so we can address your concern directly.

12. Children's Privacy

The Service is not directed to children under the age of 16 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data without parental consent, contact us immediately at support@eazemyapi.com and we will delete such data promptly.

13. Third-Party Links

Our website and platform may contain links to third-party websites, documentation hosts, or integrations. This Privacy Policy does not apply to those external services. We encourage you to review the privacy policies of any third-party service you access through our platform. We are not responsible for the content or privacy practices of such third parties.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the "Last Updated" date at the top of this page.
Send a notification email to registered users at least 14 days before significant changes take effect.
Display a notice on the platform dashboard.

Your continued use of the Service after changes become effective constitutes acceptance of the revised policy. If you do not agree, you should stop using the Service and delete your account.

15. Contact Us

For privacy questions, data requests, or to report a concern:

Email: support@eazemyapi.com
Subject line: "Privacy Request" or "Privacy Concern"
Response time: We aim to respond within 5 business days for general queries and within 30 days for formal data subject requests.

Table of Contents