← Back to Homepage

Privacy Policy

This Privacy Policy explains how CandycornDB collects, uses, stores, and protects data related to users of our API services and website. Our audience includes developers, businesses, and security professionals — transparency and data security are core to our mission.

Data We Collect

• IP Addresses: Submitted to our API for risk scoring. These may be compared against internal datasets and third-party sources like ipinfo.io.
• Authentication Info: Email, plan tier, usage count, and timestamps for API requests.
• Diagnostic Metadata: Includes timing, error logs, and headers for platform performance and abuse prevention.

Data We Do NOT Collect

• No cookies or browser tracking scripts
• No behavioral analytics or third-party tracking pixels
• No client user data or PII beyond signup email

How We Use Data

• To deliver accurate, real-time IP intelligence scoring
• To maintain service uptime and quality
• To prevent abuse, fraud, and API misuse
• To gradually reduce reliance on fallback sources like ipinfo.io through learned heuristics

Data Retention

IP scoring and usage data is retained only as long as necessary for operational and security purposes. We periodically purge stale records and anonymize historical datasets.

Security Practices

• Encrypted communication (HTTPS/TLS 1.3)
• Access control on all internal endpoints
• Token-based authentication for API usage
• Rate limiting and abuse detection at the edge

Compliance

• GDPR and CCPA aligned policies
• Data hosted with privacy-forward infrastructure providers
• Audit logs for internal access to sensitive data

Your Rights

You may request access, correction, or deletion of your data at any time by emailing support@candycorndb.com.