Privacy Policy

1. Introduction

Allnighter (“we”, “us”, or “our”) operates the Allnighter platform, API, and related services (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service.

2. Information We Collect

Information you provide

• Account details: name, email address, and password when you register.
• Payment information: processed securely through Stripe. We do not store full card numbers.
• Communications: messages you send to our support team.

Information collected automatically

• Usage data: API call metadata (timestamps, endpoints, provider used, status codes, credit consumed).
• Device and browser information: IP address, browser type, operating system, and referring URL.
• Cookies and similar technologies: used for session management and analytics.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service.
• Process transactions and manage your credit balance.
• Send transactional emails (account verification, password resets, billing receipts).
• Monitor usage patterns to improve performance and prevent abuse.
• Enforce our Terms of Service and spend-cap policies.
• Respond to your enquiries and support requests.
• Comply with legal obligations.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

• Third-party providers: when your agent makes a provider call, the minimum data required to fulfil the request is forwarded to that provider.
• Payment processors: Stripe processes your payments and receives the data necessary for billing.
• Infrastructure partners: hosting and database providers that help us operate the Service, bound by data processing agreements.
• Law enforcement: when required by law, subpoena, or governmental request.

5. Data Retention

We retain your account information for as long as your account is active. API call metadata is retained for 90 days for debugging and billing purposes, then aggregated and anonymised. You may request deletion of your account and associated data at any time.

6. Data Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, and access controls. API keys are hashed before storage. While we strive to protect your data, no method of electronic transmission or storage is 100% secure.

7. Cookies

We use essential cookies for authentication and session management. We may use analytics cookies to understand how the Service is used. You can control cookie preferences through your browser settings, though disabling essential cookies may affect functionality.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Object to or restrict certain processing.
• Request data portability.
• Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@acommerce.dev.

9. International Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including standard contractual clauses where applicable.

10. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Service after changes constitutes acceptance.

12. Contact

If you have questions about this Privacy Policy, please contact us at privacy@acommerce.dev.