TODO before launch: have this reviewed by counsel (Termly or in-house). The placeholder below describes our actual data handling and is a starting point, not a finished policy.
Account email, hashed password, and your API key hashes (never the plaintext). For paid customers, Stripe handles all card data; we store only Stripe's customer and subscription identifiers.
For each gateway request: timestamp, endpoint path, HTTP method, status code, latency, response size, and your customer ID. We do not log request or response bodies. Logs are retained for 90 days unless you have an Enterprise contract specifying otherwise.
Nothing — except processors required to operate the service (Supabase, Stripe, Vercel, Resend, Sentry, Axiom). We do not sell or share your data for marketing.
Questions: hello@souslab.site.