Privacy Policy

Effective date: February 28, 2026

1. Introduction

This Privacy Policy describes how ReportForge API ("the Service"), operated by AlberaMarc ("we", "us", "our"), collects, uses, and protects information when you use our report generation API at reportforge-api.vercel.app.

2. Data We Process

The Service is designed to minimize data collection. Here is what we handle:

Data you submit for report generation:

• CSV or JSON data submitted to our API endpoints is processed in memory to generate HTML reports
• Your data is never stored, logged, cached, or retained beyond the duration of a single HTTP request
• Generated reports are returned in the HTTP response and not saved on our servers

Account information (if you sign up):

• Email address — used for account identification and optional notifications
• API key hash — a one-way SHA-256 hash of your API key (we never store your raw API key after initial generation)
• Usage tier — your current subscription level (free, starter, or business)

Usage analytics:

• Endpoint called — which API route was accessed
• Response status — success or error code
• Timestamp — when the request was made
• Response time — how long the request took to process
• We do not log IP addresses, user agents, or request bodies

3. How We Use Your Information

• Service delivery: Processing your data to generate reports as requested
• Rate limiting: Enforcing usage limits based on your subscription tier
• Service improvement: Analyzing aggregate usage patterns to improve performance and reliability
• Communication: Sending essential service notifications (only if you provide an email)

4. Data Storage and Security

Account and usage data is stored in Supabase (PostgreSQL) with the following protections:

• API keys are stored as SHA-256 hashes — your raw key cannot be recovered from our database
• All data is encrypted in transit via TLS/HTTPS
• Database access is restricted via Row Level Security (RLS) policies
• The Service runs on Vercel's edge network with built-in DDoS protection

5. Third-Party Services

We use the following third-party services:

• Vercel — hosting and serverless function execution (Privacy Policy)
• Supabase — database storage for accounts and usage data (Privacy Policy)
• Stripe — payment processing for paid tiers (Privacy Policy)

We do not sell, rent, or share your personal information with any other third parties.

6. Data Retention

• Submitted data: Not retained. Processed in memory and discarded immediately after response.
• Account information: Retained for as long as your account is active. Deleted upon request.
• Usage analytics: Retained for 90 days, then automatically purged.
• Payment records: Retained as required by financial regulations (typically 7 years).

7. Your Rights

You have the right to:

• Access your account data via the dashboard
• Delete your account and associated data by contacting us
• Export your usage data upon request
• Opt out of non-essential communications

8. Cookies

The Service does not use cookies. Authentication is handled via API keys sent in request headers.

9. Children's Privacy

The Service is not intended for use by anyone under the age of 13. We do not knowingly collect information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "Effective date" at the top of this page indicates when the policy was last revised. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact

If you have questions about this Privacy Policy, please contact us at:

GitHub Issues