We collect only the information required to operate the service: your email, hashed password, full name (optional), Stripe customer reference, and the encrypted API credentials you choose to provide. We do not sell or share personal data with third parties.
Passwords are hashed with PBKDF2-SHA256 (200,000 iterations). API credentials are encrypted at rest with Fernet (AES-128-CBC + HMAC-SHA256). Decryption keys live only in server memory.
Stripe processes payments end-to-end; we never see your card number. You may request data export or deletion at any time by contacting support.