Privacy Policy

Last updated: April 27, 2026

Prefetch ("we", "our", or "us") operates the Prefetch Brand Data API and the prefetchapi.com website. This Privacy Policy explains what information we collect, why we collect it, and how we handle it. We keep this straightforward — no legalese walls.

1. Information We Collect

Account Information

When you register, we collect your email address and a hashed password. We do not store plain-text passwords. We may also store a display name if you provide one. This information is used to authenticate you and manage your account.

API Usage Data

Every API request you make is logged. Logs include: the URL you submitted, the endpoint called (e.g. Brand Data, Screenshot, Company Info), the number of credits consumed, the HTTP status code returned, your API key (hashed), your IP address, and a timestamp. We retain these logs to power your dashboard analytics, enforce rate limits, and investigate abuse.

Payment Information

Payments are processed by Stripe. We never store your raw card numbers, CVV, or full payment details on our servers. We receive and store your Stripe Customer ID, subscription status, billing cycle, and plan tier so we can manage your account.

Technical & Browser Data

We collect standard server-side request metadata: IP addresses, user-agent strings, and referrer headers. We may use lightweight analytics (e.g. page views, feature click events) to understand how the product is used. These events do not contain personally identifiable information.

URLs You Submit

The URLs you send to our API are processed to extract brand data. We may cache processed results briefly (up to 24 hours) to serve faster repeated lookups and reduce redundant processing. We do not use your submitted URLs to profile you, sell data, or share results with third parties.

2. How We Use Your Information

  • To authenticate you and provide access to your dashboard and API key.
  • To process your subscription, track credit usage, and bill you correctly.
  • To enforce rate limits and detect abuse or fraudulent activity.
  • To display your request history and usage statistics inside the dashboard.
  • To send you transactional emails — account confirmation, password reset, billing receipts. We do not send marketing emails without explicit consent.
  • To improve the API: aggregate, anonymized usage patterns help us understand which endpoints are most valuable and where performance can be improved.
  • To comply with legal obligations where required.

3. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g. financial records for tax purposes, typically 7 years).

API request logs are retained for up to 90 days in full, then aggregated into anonymized usage statistics which are kept indefinitely for product analytics.

4. Cookies & Tracking

We use strictly necessary cookies (session tokens) to keep you logged in. We may use first-party analytics cookies to understand general product usage — these are aggregate and do not build cross-site profiles of you.

We do not use third-party advertising cookies or sell your data to ad networks. You can disable cookies in your browser, but this will prevent you from staying logged in.

5. Third-Party Services

  • Stripe — payment processing. Your payment data is subject to Stripe's Privacy Policy.
  • Supabase / cloud infrastructure — database and authentication hosting. Data is stored in secure, encrypted cloud environments.
  • Mintlify — documentation hosting at prefetch.mintlify.app. No account data is shared with Mintlify.

We vet our sub-processors for GDPR compliance and do not share your personal data with any third party beyond what is listed here.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request that we correct inaccurate data.
  • Deletion — request that we delete your account and personal data.
  • Portability — request your data in a machine-readable format.
  • Objection — object to processing based on legitimate interests.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

7. Security

We implement industry-standard security measures: HTTPS/TLS for all data in transit, bcrypt-hashed passwords, encrypted secrets management, and access controls on our infrastructure. No system is 100% secure; if you believe your account has been compromised, contact us immediately.

8. Children's Privacy

Prefetch is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal data, contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top and, for material changes, notify you via email. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

Questions about this Privacy Policy? Reach us at
[email protected]