Privacy Policy

1. Overview

bins360 ("we", "us", or "our") respects your privacy. This policy explains what information we collect when you use bins360.org, how we use it, and your rights regarding that information.

2. Information We Collect

2a. Information you provide

• Email address — when you sign up for a paid plan or request a magic link login
• Payment information — processed directly by Stripe; we never store card numbers

2b. Information collected automatically

• IP address — used solely for rate limiting on the free tier; not stored long-term
• BIN lookup queries — we log the BIN prefix queried and a timestamp for abuse prevention; we do not log full card numbers
• Usage counts — total lookups per account per day for plan enforcement
• Standard server logs — request path, status code, timestamp (retained up to 30 days)

3. How We Use Your Information

• Deliver the Service and enforce plan limits
• Send magic link login emails and transactional notices (no marketing without consent)
• Detect and prevent abuse, fraud, and unauthorized access
• Improve and maintain the platform
• Comply with legal obligations

4. Third-Party Services

We use the following third-party processors:

• Stripe — payment processing. Subject to Stripe's Privacy Policy.
• Resend — transactional email delivery. Subject to Resend's Privacy Policy.
• Cloudflare — DNS, CDN, and tunnel services. Subject to Cloudflare's Privacy Policy.

We do not sell or rent your personal data to any third party.

5. Cookies and Session Storage

We use a single session cookie to keep you logged in after authenticating via magic link. This cookie contains your email address and plan level in an encoded format. No third-party tracking cookies or advertising cookies are used.

6. Data Retention

• Account data (email, plan, API key) — retained while your account is active; deleted within 30 days of account closure
• Magic link tokens — automatically expire and are invalidated after use
• IP-based rate limit counters — reset daily; not stored beyond 24 hours
• Server logs — retained up to 30 days

7. Security

All data is transmitted over HTTPS via Cloudflare's encrypted tunnel. Account data and API keys are stored in an encrypted SQLite database on our server. We do not store plain-text passwords; authentication is handled entirely via magic links. While we take reasonable measures to protect your data, no system is completely secure.

8. Your Rights

You have the right to:

• Request a copy of the personal data we hold about you
• Request correction or deletion of your account data
• Cancel your subscription at any time
• Opt out of any future marketing communications

To exercise any of these rights, email us at [email protected].

9. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us personal information, contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.

11. Contact

Questions or concerns about this Privacy Policy? Contact us at [email protected].