At Thunderforest we take your privacy seriously. We only collect the personal information that is necessary to provide you with our services, and we do not sell or rent your data to anyone else.
We are fully compliant with data protection regulations and best practices, including:
This policy has been created to provide transparency to you about what personal information we collect and the purposes for doing so.
When you register with us we store your name and email address. This is so that we can contact you later if there are changes to our service, and to provide you with information about your account, for example quota notifications. We also store the IP address that you register with, to prevent abuse and as part of our establishing your location for tax reasons.
Our registration system is securely hosted by Heroku, a division of Salesforce.
If you become a paying customer, we require your address and VAT information for tax reasons. You provide your payment card information to our payment partner (Stripe) and we do not store the card number ourselves. We do store the last four digits of the card number, to provide you this information when you are managing your payments, and the card expiry so that we can notify you when you need to update your card information.
We share your financial information with our bookkeeping service provider (Xero), our accountant and the UK Tax authority (HMRC) in order to comply with tax and accounting laws.
To improve our product, we may ask for your feedback on our product and services. We may store this voluntary information for internal reference only, unless otherwise specified by you in writing.
Our website is hosted by Gitlab. We use Fathom Analytics as a privacy-focussed, GDPR compliant analytics service.
Our services are hosted by Hetzner and are physically located in the EU. When you send us an API request we log details of the request and send you the response. We store this information for later analysis to improve the services that we provide, to ensure the integrity and security of the services, and for billing purposes.
We use Mandrill for sending account notifications to you. We also use Highrise to manage our customer support emails.
We use the personal information that we collect in order to:
We do not sell or rent your data to anyone else.
We disclose certain information to our specified business partners, as described in this policy. We may have a legal duty to share your information with tax or financial authorities, or if otherwise required by law or Court Order.
We make every effort to ensure that your information is secure. We do so by using industry-standard security practices, including using TLS for all personal information, and by ensuring that our software and operating systems are secure and regularly updated.
We maintain accurate personal information by allowing you to update your details through our website. If you want to remove your personal information from our systems, you can close your account through our website at any time. We may retain a copy of your account information for up to 7 days after you close your account, to provide customer support and to prevent abuse.
For free accounts that are no longer active, we will delete your account after 12 months of inactivity (not having logged in, and not having made any API requests).
For paying customers, we will still keep records of all completed transactions for tax and accounting purposes.
Significant changes to this policy will be announced on our blog. This policy was last updated on 6 January 2023.