At Thunderforest we take your privacy seriously. We only collect the personal information that is necessary to provide you with our services, and we do not sell or rent your data to anyone else.
This policy has been created to provide transparency to you about what personal information we collect and the purposes for doing so.
When you register with us we store your name and email address. This is so that we can contact you later if there are changes to our service, and to provide you with information about your account, for example quota notifications. We also store the IP address that you register with, to prevent abuse and as part of our establishing of your location for tax reasons.
Our registration system is hosted by Heroku, a division of Salesforce.
If you become a paying customer, we require your address and VAT information for tax reasons. You provide your payment card information to our payment partner (Stripe) and we do not store the card number ourselves. We do store the last four digits of the card number, to provide you this information when you are managing your payments, and the card expiry so that we can notify you when you need to update your card information.
We share your financial information with our bookkeeping service provider (Xero), our accountant and the UK Tax authority (HMRC) in order to comply with tax and accounting laws.
Our website is hosted by Krystal. We do not run any analytics or tracking on our site.
Our services are hosted by Hetzner and are physically located in the EU. When you send us an API request we log details of the request and send you the response. We store this information for later analysis to improve the services that we provide, to ensure the integrity and security of the services, and for billing purposes.
We maintain accurate personal information by allowing you to update your details through our website. If you want to remove your personal information from our systems, you can close your account through our website at any time.
For free accounts that are no longer active, we will delete your account after 12 months of inactivity (not having logged in, and not having made any API requests).
For paying customers, we will still keep records of all completed transactions for tax and accounting purposes.
Significant changes to this policy will be announced on our blog. This policy was last updated on 24 May 2018.