Privacy Policy

Last updated: October 29, 2025

Your Privacy Matters

This Privacy Policy explains how we collect, use, and protect your information. By using URLert API, you agree to the practices described here.

1. Introduction

This Privacy Policy describes how URLert API ("we," "us," or "our"), operated by Tomer Heber as a sole proprietorship based in Austin, Texas, United States, collects, uses, and discloses information about you when you use our URL security analysis service, URLert API (the "Service").

URLert API is a new service operated by a single individual. While we are committed to protecting your privacy, we want to be transparent about our current capabilities and limitations. This policy will evolve as the service grows.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

  • Email address: Used for account creation, authentication, and communication
  • Password: Stored as a cryptographic hash (we never store plain-text passwords)

We may add additional optional fields in the future (such as organization name), but currently only email and password are collected during registration.

2.2 URLs and Usage Data

When you use our API, we collect and store:

  • URLs submitted for analysis: The web addresses you send to our API for security checks
  • Analysis results: The safety classifications and threat assessments we generate
  • Timestamps: When requests are made
  • Usage metadata: API request counts, patterns, and related technical data

Important Note: While most URLs contain only public website addresses, in rare cases URLs may inadvertently contain personally identifiable information (PII) such as usernames, tokens, or other sensitive data embedded in the URL string. You are responsible for ensuring URLs submitted to our API do not contain sensitive personal information.

2.3 Technical and Log Data

We automatically collect certain technical information, including:

  • IP addresses: Your device's IP address when accessing the Service
  • Browser and device information: Type of browser, operating system, and device used
  • API authentication data: Hashed API keys and authentication tokens
  • Error logs: Technical errors and system diagnostics

Log data, including IP addresses, may be retained for up to 180 days, though this retention period may be adjusted based on operational needs.

2.4 Payment Information

Payment processing is handled entirely by Stripe, our third-party payment processor. We do not collect, store, or have access to your credit card information or full billing details. All payment information, transaction history, and invoices are stored by Stripe. We may access this information through Stripe's platform for account management, billing inquiries, and customer support purposes. Stripe's privacy practices are governed by their own privacy policy.

2.5 Cookies and Tracking

We currently use cookies only for:

  • Authentication: To keep you logged in and maintain your session

We use Sentry for error monitoring and diagnostics to help us identify and fix technical issues. Sentry may collect technical information such as error messages, stack traces, browser information, and anonymized usage data.

We do not use advertising cookies or third-party marketing trackers.

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Process API requests and deliver URL security analysis
  • Maintain accounts: Authenticate users and manage account access
  • Process payments: Handle billing and credit management (via Stripe)
  • Improve our AI models: Train and enhance our threat detection algorithms and machine learning models
  • Improve the Service: Analyze usage patterns, fix bugs, and optimize performance
  • Communicate with you: Send transactional emails (verification, password resets)
  • Detect abuse: Identify fraudulent activity, rate limit violations, and security threats
  • Comply with legal obligations: Respond to legal requests and enforce our Terms

3.1 AI Training and Model Improvement

The data you submit (URLs and analysis results) may be used to train, test, and improve our artificial intelligence and machine learning models. This helps us:

  • Detect new and emerging threats
  • Improve accuracy and reduce false positives/negatives
  • Develop better threat classification algorithms

Since our Service analyzes publicly accessible URLs, we do not anonymize this data before training. If your submitted URLs contain sensitive information, it may be included in our training datasets.

4. How We Share Your Information

4.1 Current Practice

We do not currently share your information with third parties for marketing or commercial purposes. The following third parties have access to certain data as necessary to operate the Service:

  • Stripe: Our payment processor handles all billing and payment data
  • Google Cloud Platform: Our hosting provider and infrastructure (including Vertex AI for machine learning)
  • MongoDB: Our database provider stores account and usage data
  • Sentry: Our error monitoring service collects technical error data and diagnostics

4.2 Future Sharing

We reserve the right to share information in the following circumstances:

  • With your consent: When you explicitly authorize us to share information
  • Service providers: With vendors who assist in operating the Service under confidentiality obligations (e.g., email service providers, error monitoring tools like Sentry)
  • Legal compliance: When required by law, court order, subpoena, or government request
  • Law enforcement: In response to valid legal requests from law enforcement authorities
  • Safety and security: To protect our rights, property, safety, or that of our users or the public
  • Business transfers: In connection with a merger, acquisition, bankruptcy, or sale of assets
  • AI/ML partners: We may share data with third-party AI service providers to improve our models

5. Third-Party Services

5.1 Google Cloud Platform (GCP)

We use Google Cloud Platform for hosting, infrastructure, and AI/ML services (specifically Gemini via Vertex AI). URLs and data you submit may be processed by Google's services to provide AI-powered threat analysis. Google's data handling practices are governed by their privacy policies.

5.2 Stripe (Payment Processing)

All payment transactions are processed by Stripe. We do not have access to your payment card details. Stripe's collection and use of your payment information is subject to their privacy policy.

5.3 Email Service Provider

We will use a third-party email service provider (to be determined) to send transactional emails such as account verification and password resets. Your email address will be shared with this provider for this purpose.

6. Data Retention

We retain your information as follows:

  • Account information: Retained until you request account deletion or until we determine it's no longer necessary
  • URLs and analysis results: Stored indefinitely for AI training and service improvement, unless you request deletion or we implement a time-to-live (TTL) policy
  • Log data (including IP addresses): Retained for approximately 180 days, subject to change based on operational needs
  • Payment records: Retained in accordance with Stripe's policies and tax/legal requirements

As a new service, we may implement data retention policies (such as automatic deletion after a specified time period) in the future. This policy will be updated to reflect any such changes.

7. Your Rights and Choices

7.1 Access and Deletion

You have the right to:

  • Request access: Ask to see what information we have about you
  • Request deletion: Ask us to delete your account and associated data
  • Request data portability: Receive a copy of your data in a portable format

To exercise these rights, contact us at support@urlert.com. We will process requests within a reasonable timeframe.

Important: Due to the nature of AI training, data that has been incorporated into trained machine learning models may not be fully removable even after deletion requests are processed.

7.2 Account Closure

You may close your account at any time by contacting us. Upon account closure, we will delete your account information, though we may retain certain data for legal, operational, or AI training purposes as described in this policy.

7.3 Marketing Communications

We do not currently send marketing emails. If we introduce marketing communications in the future, you will have the ability to opt out of such messages while still receiving essential transactional emails.

8. Data Security

We implement reasonable security measures to protect your information, including:

  • Storing passwords as cryptographic hashes (never in plain text)
  • Storing API keys as hashes (you are responsible for securing your actual API keys)
  • Using secure connections (HTTPS/TLS) for data transmission
  • Hosting data with reputable providers (Google Cloud Platform, MongoDB)

However, as a new service operated by a single individual, our security infrastructure is evolving. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security of your information.

8.1 Data Breaches

In the event of a data breach affecting your information, we will make reasonable efforts to notify you. However, we do not currently have a formal data breach response protocol. Given the minimal amount of personal information we collect (primarily email addresses), the risk and impact of potential breaches is limited.

9. International Users and Data Transfers

URLert API is a global service accessible from anywhere in the world. However, all data is stored and processed in the United States.

For International Users: By using our Service, you understand and consent to the transfer of your information to the United States, where data protection laws may differ from those in your country.

9.1 Limited International Compliance

As a new, single-person operation, we do not currently maintain specific compliance programs for international data protection regulations such as:

  • GDPR (European Union)
  • UK GDPR (United Kingdom)
  • PIPEDA (Canada)
  • Other regional privacy frameworks

While we respect the privacy rights of all users globally and will honor data deletion requests from international users, we cannot guarantee full compliance with all international privacy regulations at this stage. If strict regulatory compliance is required for your use case, please consider whether our Service is appropriate for your needs.

9.2 California Privacy Rights (CCPA)

While we are not currently focused on specific state-level compliance, California residents may have additional rights under the California Consumer Privacy Act (CCPA). You may request information about data collection and exercise deletion rights by contacting us at support@urlert.com.

10. Children's Privacy

Our Service is not intended for individuals under the age of 18 (or the age of legal majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. Changes will be effective upon posting to this page with an updated "Last updated" date.

Material changes will be communicated via email or prominent notice on the Service. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

As URLert API grows and evolves, this policy will become more comprehensive. We encourage you to review it periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

  • Email: support@urlert.com
  • Business Name: URLert API
  • Operator: Tomer Heber
  • Location: Austin, Texas, United States

13. Additional Information

13.1 Transparency as a New Service

URLert API is an early-stage service operated by a sole proprietor. We believe in being transparent about what we can and cannot commit to at this stage. As the service grows, we will enhance our privacy practices, security measures, and compliance capabilities.

13.2 Your Responsibility

You are responsible for the security of your account credentials and API keys. Do not share your password or API keys with others. If you submit URLs containing sensitive information, you acknowledge that such information may be stored and used as described in this policy.

14. Acknowledgment

By creating an account and using URLert API, you acknowledge that you have read, understood, and agree to this Privacy Policy.