IP-API.io takes the security and privacy of its EU citizen customers very seriously. IP-API.io is intent on complying with the European Union's General Data Protection Regulation (GDPR) and has created the following policy and disclosures in accordance with GDPR.

1. Paddle (https://paddle.com) acts on behalf of IP-API.io as Merchant of Record (MOR). Paddle is the reseller of IP-API.io services and customers purchase from and provide data to Paddle. Customer data is passed from Paddle to IP-API.io when customer purchases a subscription.

2. IP-API.io has a legitimate interest to use customer provided data for product fulfilment, order processing, fraud prevention, and product support.

IP-API.io only collects data from users who either subscribe to IP-API.io services, or engage with, the IP-API.io. IP-API.io is committed to only collecting data that is necessary for IP-API.io to provide the content and services on the IP-API.io.

3. The categories of personally identifiable information that IP-API.io may receive include: (a) name, (b) e-mail address, or any other information the IP-API.io collect that is defined as personal or personally identifiable information under an applicable law or any other identifier by which you may be contacted online or offline.

4. IP-API.io processes data based on (a) consent of the user; and (b) the necessity of the data for providing the services that users are contracting for when they purchase IP-API.io services.

IF YOU DO NOT CONSENT TO THE PROCESSING OF YOUR DATA IN ORDER TO ACCESS AND USE THE IP-API.io WEBSITE, PLEASE DO NOT USE, OR ENGAGE WITH, THE IP-API.io WEBSITE.

5. IP-API.io does not provide your data to third party recipients who are not necessary to the services and content provided on the IP-API.io without your permission.

6. IP-API.io will retain your information for as long as your subscription is active or as needed to provide you services. If you no longer want IP-API.io to use your information to provide you services, you may follow the "Withdrawal of Consent/Erasure" provision below. After closing your account, IP-API.io will solely use your information as necessary to comply with any applicable legal obligations.

7. IP-API.io has implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to IP-API.io is stored on secure servers behind firewalls. Any payment transactions and other sensitive information will be encrypted using secure socket layer (SSL) technology. IP-API.io follows generally accepted industry standards to protect the personal information submitted, both during transmission and once IP-API.io receives it.

8. Withdrawal of Consent/Erasure

If, at any point, you no longer wish to have your personal data processed by IP-API.io, wish to be forgotten, or wish to have your data erased, simply send an email to support@IP-API.io with the phrase "consent withdrawn" or "erase" in the subject line. Your request should include your name, email address and order number. IP-API.io will move expeditiously to stop the processing of your personal data and to remove your personal data from its systems. Please understand that, without access to your personal data, IP-API.io may not be able to provide certain services. For example, IP-API.io will not be able to send you communications, api keys, updates. Additionally, it may be impossible for IP-API.io to fulfill purchases or sales without access to personal information.

9. You also have the right to request access to your data. In order to effect any such request, you should send the request to support@IP-API.io. Your request should include your name, email address and order number. IP-API.io will endeavor to correct the data or to provide you your data in a simplistic and easily readable format as quickly as possible, but in no more than thirty (30) days.

10. We use a small number of GDPR compliant tracking and monitoring platforms (Google Analytics, Paddle.com). These services use a combination of temporary and long lived cookies to be able to identify unique user journeys. These services are used internally only for platform diagnostics and product improvements.

The data collected is not shared with any outside parties, nor is used for any activities which would require further GDPR compliance or an opt-out. They are necessary to ensure the reliable operation of our platform.