Privacy Policy

1. Data Collected

Almuten stores the SHA-256 hash of your API key and associated request metadata: IP address, timestamp, endpoint path, and request ID. Raw API keys are never stored.

2. Request Data

Birth dates, times, and geographic coordinates submitted to chart endpoints are processed transiently to compute results. This data is not stored beyond the server-side cache TTL (maximum 1 hour) and is never associated with personally identifiable information.

3. User Accounts

Almuten stores your email address and name for authentication purposes. Passwords are hashed and never stored in plain text. You may delete your account at any time from the dashboard, which removes all associated data.

4. Telemetry

The Service collects operational telemetry for reliability and performance monitoring. This includes structured JSON logs, Prometheus metrics (request counts, latencies), OpenTelemetry distributed traces, and Sentry error reports. Telemetry data does not contain request bodies or personally identifiable information.

5. Third-Party Services

Almuten uses the following third-party services to operate:

• Upstash — Redis hosting for rate limiting and response caching
• Vercel — Application hosting
• Sentry — Error tracking and performance monitoring

6. Cookies

The website uses session cookies for authentication. The API does not set cookies or use tracking pixels. No cross-site tracking is employed.

7. Data Retention

• Rate limit counters: 60 seconds
• Response cache: up to 1 hour (varies by endpoint)
• API key metadata: retained until key revocation
• Account data: retained until account deletion
• Structured logs: retained per hosting provider defaults

8. Data Deletion

Deleting your account removes all associated data including API keys, usage records, and profile information. You can delete your account from the dashboard at any time.

9. Contact

For privacy-related inquiries, contact the Almuten team via the channels listed in the API documentation.