ChowAPI is now in open beta — sign up and start building today.
c
ChowAPI

Privacy Policy

Last updated: March 31, 2026

1. Overview

This Privacy Policy explains how ChowAPI ("we," "us," "our") collects, uses, and protects your information when you use our website, API, dashboard, and related services (collectively, the "Service"). ChowAPI is operated from California, United States.

2. Information We Collect

Account Information

When you create an account, we collect your email address and, if you authenticate via OAuth (GitHub or Google), your name and profile information as provided by the OAuth provider. We do not store passwords — authentication is handled via OAuth or email magic links. We do not require your legal name, physical address, or phone number to use the Service.

API Usage Data

When you make API calls, we log the endpoint called, timestamp, response time, status code, and the API key ID used. We do not log request bodies, search queries, or the food data returned in responses.

Billing Information

Payment processing is handled entirely by Stripe. We store your Stripe customer ID and credit balance. We do not store credit card numbers, bank account details, or other payment credentials.

Website Analytics

We use Vercel Analytics and Vercel Speed Insights on our website. These services collect anonymous, aggregated performance data such as page views, load times, and web vitals. No personally identifiable information is collected by these tools. See our Cookie Policy for details.

3. How We Use Your Information

  • Account management: To create and maintain your account, authenticate you, and communicate about your account
  • Billing: To track credit usage, process purchases, and maintain billing records
  • Rate limiting: To enforce per-minute and monthly usage limits
  • Service improvement: To monitor API performance, identify issues, and improve the Service
  • Security: To detect and prevent abuse, fraud, or unauthorized access

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. API Key Security

API keys are hashed with SHA-256 using the Web Crypto API before storage. We never store plaintext API keys in our database. The full key is displayed only once at the time of creation. If you lose your key, you must generate a new one.

5. Third-Party Services

We use the following third-party services that may process your data:

  • Supabase — Database hosting, authentication, and API infrastructure
  • Stripe — Payment processing and billing management
  • Upstash — Redis-based rate limiting
  • Vercel — Website hosting, analytics, and performance monitoring

Each of these services has their own privacy policies governing how they handle data.

6. Data Retention

  • API usage logs: Retained for 90 days, then automatically deleted
  • Monthly usage aggregates: Retained for billing and account purposes for the life of your account
  • Account data: Retained until you request deletion
  • Billing records: Retained as required by applicable tax and financial regulations

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your account and associated personal data
  • Portability: Request your data in a portable format
  • Objection: Object to processing of your personal data

To exercise any of these rights, email us at hello@chowapi.dev. We will respond within 30 days.

8. California Privacy Rights (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request deletion of your data, and opt out of the sale of your data. We do not sell personal information. To make a request, email hello@chowapi.dev.

9. International Data Transfers

Our infrastructure is hosted in the United States. If you access the Service from outside the United States, your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer.

10. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child, contact us and we will promptly delete it.

11. Data Security

We implement reasonable technical and organizational measures to protect your data, including SHA-256 key hashing, encrypted connections (HTTPS/TLS), and access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. Do Not Track

Some browsers transmit "Do Not Track" (DNT) signals. Since we do not use advertising cookies or cross-site tracking, our practices are consistent with DNT expectations regardless of whether the signal is present.

13. Data Sharing and Disclosure

We do not sell, rent, trade, or otherwise share your personal data with third parties for their marketing or commercial purposes. We may disclose your information only in the following circumstances:

  • Service providers: To third-party services listed in Section 5 that process data on our behalf to operate the Service
  • Legal requirements: If required by law, court order, or governmental regulation
  • Safety and enforcement: To protect the rights, safety, or property of ChowAPI, our users, or the public, or to enforce our Terms of Service

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or a notice on the website. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

15. Contact

For privacy questions or to exercise your data rights, email hello@chowapi.dev.