Privacy policy.
Last updated: March 25, 2026
Overview
TickerAPI is a financial data API. We exist to serve data to your applications — not to collect data about you. This policy explains what information we gather, why, and what we do with it.
The short version: we collect the minimum needed to operate accounts and process payments. We don't track you, profile you, or sell your data to anyone.
Information we collect
Account information
When you create an account, we collect:
- Your email address (required — used for authentication and account communications)
- Your name, if provided through Google OAuth or manually entered
- Authentication credentials (hashed passwords or OAuth tokens — never stored in plaintext)
Billing information
If you subscribe to a paid plan, payment information is collected and processed entirely by Stripe. We receive a Stripe customer ID and subscription status. We never see, process, or store your full card number, CVV, or billing address.
API usage data
When you make API requests, we log:
- The endpoint called and HTTP method
- Timestamp of the request
- Response status code
- Your API key identifier (not the key itself)
- Request IP address (for rate limiting and abuse detection)
We do not log request bodies, query parameters containing user data, or full API response bodies.
Technical data
When you visit the TickerAPI website, our infrastructure provider (Cloudflare) may process standard connection data such as IP address, TLS version, and HTTP headers. This is handled at the infrastructure level for security and performance — we do not access or store this data ourselves.
Information we don't collect
We don't use analytics trackers (no Google Analytics, no Mixpanel, no Amplitude). We don't use advertising pixels or retargeting scripts. We don't use fingerprinting. We don't build behavioral profiles. We don't track you across websites. We don't buy data about you from brokers. We don't sell, rent, or share your personal information with anyone for marketing purposes — ever.
How we use your information
We use the information we collect to:
- Operate your account — authenticate you, manage your API keys, display your dashboard
- Process payments — manage your subscription through Stripe, handle upgrades and downgrades
- Enforce rate limits — track usage against your plan's quotas
- Detect abuse — identify unauthorized access, credential sharing, or scraping
- Send transactional emails — account verification, login codes, billing receipts, critical service updates
- Respond to support requests — when you email us, we use your account information to help you
We will never send you marketing or promotional emails unless you explicitly opt in. Transactional communications related to your account and service operation are not considered marketing.
Cookies
We use a single, strictly necessary cookie:
That's it. No analytics cookies, no tracking cookies, no third-party cookies. We don't use local storage or session storage for tracking purposes either. Because we only use strictly necessary cookies, no cookie consent banner is required.
Third-party services
We use a small number of third-party services to operate TickerAPI. Each is chosen for a specific operational purpose, not for data collection:
- Stripe — processes all payments. Stripe operates as an independent data controller for payment data under their own privacy policy. We share your email and subscription details with Stripe to manage billing.
- Cloudflare — provides DNS, CDN, and DDoS protection. Cloudflare processes connection-level data (IP addresses, request headers) to protect our infrastructure. See their privacy policy.
- Transactional email provider — sends login codes, receipts, and critical notifications. We share your email address with this provider solely for delivery purposes.
We do not share your data with any other third parties. We do not integrate with ad networks, data brokers, or data aggregation services.
Data retention
- Active accounts — your account data is retained for as long as your account exists and is active.
- Deleted accounts — when you delete your account, we remove all personally identifiable information within 30 days. This includes your email, name, API keys, and session data.
- Usage logs — API request logs (endpoint, timestamp, status code) are retained for 90 days for operational purposes, then automatically purged.
- Billing records — Stripe retains billing records independently per their retention policies and applicable financial regulations. We cannot delete records held by Stripe.
- Aggregated data — anonymized, aggregated usage statistics (total request counts, uptime metrics) that cannot be tied to any individual may be retained indefinitely.
Security
We take the following measures to protect your data:
- All data in transit is encrypted via HTTPS/TLS
- API keys are hashed using one-way cryptographic functions — we cannot read your API key after creation
- Session tokens are cryptographically random and tied to individual accounts
- Database access is restricted to application-level connections with role-based permissions
- Infrastructure is hosted on Cloudflare's global network with built-in DDoS protection
No system is perfectly secure. If you believe your account or API key has been compromised, revoke your key immediately from the dashboard and contact us at support@tickerapi.ai.
Your rights
Regardless of where you're located, you have the right to:
- Access your data — request a copy of the personal information we hold about you
- Correct your data — update inaccurate information through your account settings or by contacting us
- Delete your data — delete your account at any time from your dashboard, or email us to request deletion
- Export your data — request a machine-readable export of your account data
- Object to processing — ask us to stop processing your data for specific purposes
For California residents (CCPA)
Under the California Consumer Privacy Act, you have additional rights including the right to know what personal information we collect and whether we sell it. We do not sell personal information. We do not share personal information for cross-context behavioral advertising. To exercise your rights, email support@tickerapi.ai.
For EU/EEA residents (GDPR)
Our legal basis for processing your data is contract performance (operating your account per our terms of service) and legitimate interest (security, abuse prevention). You have the right to lodge a complaint with your local data protection authority if you believe we're not handling your data properly.
Children's privacy
TickerAPI is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If you believe a child has created an account, please contact us and we will delete it immediately.
International data
TickerAPI is operated from the United States. If you access the service from outside the US, your data may be transferred to and processed in the United States. By using TickerAPI, you consent to this transfer. We rely on Cloudflare's global infrastructure, which means data may be processed at the edge location nearest to you.
Changes to this policy
If we make material changes to this policy — particularly changes that affect what data we collect or how we use it — we'll notify you by email at least 14 days before they take effect. Minor clarifications or formatting updates may be made without notice.
The "last updated" date at the top of this page always reflects the most recent revision. Previous versions of this policy are available upon request.
Contact
If you have questions about this privacy policy, want to exercise your data rights, or need to report a security concern:
Email us at support@tickerapi.ai.
We aim to respond to all privacy-related requests within 7 business days.