Privacy Policy

Last updated: March 2026

Depify ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our API monitoring platform and related services (collectively, the "Service"). Depify is operated from Bangalore, India. By using the Service, you consent to the practices described in this policy.

1. Information We Collect

Account Information: When you register, we collect your name, email address, company name (optional), and password (stored as a secure hash). Email verification is required to activate your account.

Usage Data: We automatically collect information about how you interact with the Service, including pages visited, features used, timestamps, browser type, IP address, and device information.

API Monitoring Data: When you configure endpoints for monitoring, we collect and store endpoint URLs, HTTP methods, response status codes, response times (latency), response headers, and response bodies for the endpoints you have configured. This data is essential to providing our core monitoring and intelligence features.

Payment Information: If you subscribe to a paid plan, payment details (credit card numbers, billing address) are processed directly by our payment processors (Stripe and/or Razorpay). We do not store your full credit card number on our servers. We retain transaction IDs, plan details, and billing history.

Communications: If you contact us via email or through our contact form, we retain the content of your messages, your email address, and our responses.

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Service: Monitor your API endpoints, deliver alerts, process webhook debugging requests, manage feature flags, and run AI-powered schema analysis.
  • Improve the product: Analyze usage patterns to improve features, fix bugs, and develop new capabilities. All analysis is performed on aggregated, anonymized data.
  • Billing and account management: Process payments, manage subscriptions, send invoices, and handle plan upgrades or downgrades.
  • Customer support: Respond to your inquiries, troubleshoot issues, and provide technical assistance.
  • Security: Detect and prevent fraud, abuse, and unauthorized access to the Service.
  • Communications: Send transactional emails (alerts, billing confirmations), and if you opt in, product updates and newsletters. You can unsubscribe from marketing emails at any time.

3. Data Storage and Security

We take the security of your data seriously and implement industry-standard measures to protect it:

  • Encryption at rest: All data stored in our databases is encrypted using AES-256 encryption.
  • Encryption in transit: All data transmitted between your browser/applications and our servers is encrypted using TLS 1.2 or higher.
  • Secure infrastructure: Our services are hosted in secure, SOC 2-compliant data centers with physical security controls, redundant power, and environmental monitoring.
  • Access controls: Employee access to customer data is restricted on a need-to-know basis and requires multi-factor authentication.
  • Regular audits: We conduct regular security assessments and vulnerability scans of our infrastructure.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

4. API Monitoring Data Handling

Our core service involves monitoring API endpoints you configure. Here is exactly what we store and how we handle it:

  • Endpoint URLs: The full URL of each API endpoint you add for monitoring.
  • Response times: Latency measurements (P50, P90, P95, P99 percentiles) for each check.
  • Status codes: HTTP response status codes returned by your endpoints.
  • Response bodies: For endpoints where you enable schema drift detection or response logging, we store the full response body. You can disable response body storage at any time per endpoint.
  • Request/response headers: Stored when webhook debugging is enabled for a given endpoint.

API monitoring data is stored separately from your account data and is only accessible to authenticated members of your workspace. We never share your API monitoring data with third parties except as required to provide the Service (e.g., passing data to our AI analysis engine).

5. Third-Party Services

We use the following third-party services to operate Depify. Each has their own privacy policy governing their handling of data:

  • Stripe / Razorpay — Payment processing. When you subscribe to a paid plan, your payment details are sent directly to these processors. We receive only confirmation of payment and a transaction ID. Stripe Privacy Policy | Razorpay Privacy Policy
  • Resend — Transactional email delivery. We use Resend to send alert notifications, account verification emails, and billing receipts. Your email address and the content of transactional emails are processed by Resend. Resend Privacy Policy
  • Anthropic — AI-powered analysis. When you use our API Intelligence features (schema drift detection, anomaly analysis), relevant API response data is sent to Anthropic's Claude API for analysis. Anthropic does not use this data for training. Anthropic Privacy Policy

We do not sell your personal data to any third party.

6. Cookies and Tracking

We use a minimal cookie approach:

  • Session cookies: Essential for authentication and maintaining your logged-in state. These are strictly necessary and cannot be disabled while using the Service.
  • Preference cookies: Store your UI preferences (theme, timezone, dashboard layout). These expire after 1 year.

We do not use any third-party tracking cookies. We do not use Google Analytics, Facebook Pixel, or any other third-party tracking or advertising technology. Your browsing activity on Depify is not shared with advertisers or data brokers.

7. Data Retention

Data retention periods vary based on the type of data and your subscription plan:

  • Free plan: API monitoring data (response times, status codes, response bodies) is retained for 7 days.
  • Pro plan: API monitoring data is retained for 30 days.
  • Enterprise plan: API monitoring data is retained for 90 days (custom retention available upon request).
  • Account data: Your account information is retained for the lifetime of your account plus 30 days after deletion to allow for recovery if you change your mind.
  • Billing records: Retained for 7 years to comply with tax and financial regulations.

You can request immediate deletion of your monitoring data at any time through your account settings or by contacting us.

8. Your Rights

You have the following rights regarding your data:

  • Access: You can request a copy of all personal data we hold about you. We will provide this within 30 days of your request.
  • Correction: You can update or correct your personal information through your account settings at any time.
  • Deletion: You can request deletion of your account and all associated data. Once confirmed, deletion is processed within 30 days.
  • Export: You can export your monitoring data, alert configurations, feature flag settings, and webhook logs in JSON or CSV format from your dashboard.
  • Restriction: You can request that we limit the processing of your data in certain circumstances.
  • Portability: You can request your data in a machine-readable format to transfer to another service.

To exercise any of these rights, contact us at contact@depify.io.

9. GDPR Compliance

For users in the European Union (EU) and European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR):

  • Legal basis for processing: We process your data based on (a) your consent, (b) the necessity to perform our contract with you (providing the Service), (c) our legitimate interests (improving the Service, preventing fraud), and (d) legal obligations.
  • Data transfers: Your data may be transferred to and processed in India, where our primary operations are based. We implement appropriate safeguards, including Standard Contractual Clauses (SCCs), to protect data transferred outside the EEA.
  • Data Protection Officer: You can reach our data protection team at contact@depify.io.
  • Supervisory authority: EU users have the right to lodge a complaint with their local data protection supervisory authority.

10. Data Processing Agreement

If you require a Data Processing Agreement (DPA) for compliance purposes, we offer a standard DPA that covers:

  • The nature and purpose of data processing
  • Types of personal data processed
  • Sub-processor disclosures
  • Security measures and incident notification procedures
  • Data subject rights and assistance obligations

To request a DPA, please contact us at contact@depify.io. We will provide a signed copy within 5 business days.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Post the updated policy on this page with a revised "Last updated" date.
  • Send an email notification to registered users at least 30 days before material changes take effect.
  • Display a notice within the Service dashboard.

Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

  • Email: contact@depify.io
  • Address: Depify, Bangalore, India
  • Response time: We aim to respond to all privacy-related inquiries within 48 hours.