Privacy Policy
Last updated: April 2026
1. Data We Collect
- Email address (for authentication and billing)
- Device UDIDs (required for certificate issuance)
- API key usage metadata (rate, request count)
- Payment metadata from Whop (amount, checkout ID)
2. Data We Do NOT Collect
We do not collect End Customer PII. The external_id field you provide is treated as an opaque string.
3. Data Retention
Certificate artifacts are stored encrypted. Artifacts older than 30 days may be purged. Credit ledger and audit log are retained for the life of your account.
4. Third Parties
We use Resend (email delivery), Whop (payment processing), and Vercel (hosting). See their respective privacy policies.
5. Contact
For privacy inquiries, email privacy@arcticsign.app.