This Privacy Policy describes how HandTextAI ("we", "us", "our") collects, uses, and protects information when you use our API service. If you are using our API to process personal data, you are responsible for compliance with applicable data protection laws.
2. Information We Collect
2.1 Account Information
During our manual onboarding process, we collect:
Business name
Contact person name and email
Tax identification numbers (where applicable)
Note: Billing addresses are collected and managed directly by Stripe during payment setup.
2.2 API Usage Data
We automatically collect:
API key identifiers
Request timestamps and endpoints accessed
IP addresses of API requests
Request volumes and response times
Error logs and debugging information
User agent strings (primarily in connection with web-based dashboard sessions and related authentication events)
2.3 Content Data
Text Input: Text content submitted for handwriting generation
Processing: We process this content to provide the service and for related operational purposes described in this Policy
Retention: To the extent reasonably necessary for the operation, maintenance, and integrity of the service (including diagnostics, support, and internal analysis), we may retain a verbatim representation of text submitted via the API as an attribute of API request log entries maintained within our systems of record. Such retained content is subject to applicable technical and organizational access controls and is not made available through customer-facing API responses or user/admin dashboards.
Output: For single-request API calls, generated images are transmitted to you and are not otherwise stored by us; for batch jobs initiated through the dashboard, output artifacts may be stored and made available for download subject to expiration and housekeeping.
2.4 Billing Information
Through our payment processor (Stripe):
Payment method details (bank account or card information) - stored by Stripe
Billing address - collected and stored by Stripe
Billing history and invoices
Transaction identifiers
3. How We Use Information
3.1 Service Delivery
Process API requests and generate handwritten text
Authenticate and authorize API access
Monitor service performance and reliability
Provide technical support
3.2 Business Operations
Generate monthly usage invoices
Process payments via Stripe
Analyze usage patterns for capacity planning
Detect and prevent abuse or fraud
3.3 Communications
Send service-related notifications
Provide technical updates and maintenance notices
Respond to support inquiries
Send billing and payment reminders
3.4 Legal Compliance
Comply with legal obligations
Respond to lawful requests from authorities
Enforce our Terms of Service
Protect our rights and property
4. Data Retention
Data Type
Retention Period
Purpose
Account Information
Duration of business relationship + 7 years
Legal and tax requirements
API Request Logs (which may, as applicable, include certain Content Data)
No fixed retention period; retained as reasonably necessary for service operations and compliance
Service operations, diagnostics, support, billing reconciliation, and related internal analysis
Batch Job Inputs and Outputs (e.g., CSV uploads, generated artifacts, and reports)
Output download is available until the job expiration timestamp (default 7 days); artifacts may remain until removed as part of routine housekeeping
Batch processing, fulfillment, and customer access to batch artifacts
Generated Content (single-request endpoints)
Not retained
Transient processing only
Billing Records
7 years
Tax and accounting requirements
Support Communications
2 years
Service improvement and compliance
5. Data Sharing and Disclosure
5.1 Service Providers
We share data with:
Stripe: Payment processing and billing
Infrastructure Providers: Cloud hosting and content delivery
Analytics Tools: Service monitoring (aggregated data only)
5.2 No Sale of Data
We do not sell, rent, or trade your information to third parties for marketing purposes.
5.3 Legal Disclosure
We may disclose information when required by:
Court orders or legal process
Government authorities with lawful requests
Protection of our legal rights
Investigation of suspected fraud or violations
6. Data Security
6.1 Technical Measures
TLS encryption for all API communications
Encryption at rest for stored data
Secure key management practices
Regular security audits and updates
6.2 Organizational Measures
Access controls and authentication
Employee confidentiality agreements
Security incident response procedures
Regular security training
6.3 Payment Security
PCI DSS compliance through Stripe
No direct storage of payment card details
Tokenized payment methods
7. International Data Transfers
Our service operates from the United States. By using our service, you consent to the processing of data in this location. We ensure appropriate safeguards for international transfers where required by law.
8. Your Rights and Choices
8.1 Access and Portability
You have the right to:
Access your account information
Receive usage data in a structured format
Obtain copies of invoices and billing records
8.2 Correction and Deletion
You may:
Update account information through the dashboard (where available)
Request correction of inaccurate data
Request deletion of your account by contacting us (subject to legal retention requirements)
8.3 Processing Restrictions
You can:
Disable API keys to stop processing
Object to specific data uses
Withdraw consent where applicable
8.4 Exercising Rights
To exercise these rights, contact: privacy@handtextai.com
We will respond to valid requests within 30 days (or as required by applicable law).
9. Data Processing Agreement
For customers requiring a Data Processing Agreement (DPA) for GDPR compliance or other regulatory requirements, please contact legal@handtextai.com.
10. California Privacy Rights
California residents may have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), to the extent applicable. We:
Do not sell business information
Provide transparency about data practices
Honor applicable data rights requests
11. GDPR Compliance (For EU/EEA Customers)
11.1 Legal Basis
We process data based on:
Contract: Necessary for service delivery
Legitimate Interests: Billing, security, and service improvement
Legal Obligations: Tax and regulatory compliance
Consent: Where specifically obtained
11.2 Data Controller/Processor
We act as a Data Controller for account and billing information
We act as a Data Processor for content you submit through the API
You are responsible for having lawful basis to process any personal data
11.3 EU Representative
For GDPR matters, contact: gdpr@handtextai.com
12. Children's Privacy
Our service is not intended for anyone under 18 years of age. We do not knowingly collect information from children.
13. Changes to This Policy
We may update this Privacy Policy to reflect changes in:
Legal requirements
Business practices
Service features
We will notify you of material changes via email at least 30 days before the effective date.
14. Data Breach Notification
In the event of a data breach that may impact your information:
We will notify affected customers within 72 hours of discovery
We will provide details about the nature and scope of the breach
We will outline remediation steps taken
We will offer recommendations for protective measures
15. Cookies and Tracking
15.1 API Service
The API endpoints do not require cookies and do not use browser cookies for API request processing.
15.2 Documentation Site
Our dashboard and documentation may use:
Essential cookies for functionality and authenticated sessions
Analytics cookies for service improvement (optional)
16. Contact Information
Privacy Inquiries
Email: privacy@handtextai.com
Data Protection Officer
Email: dpo@handtextai.com
General Support
Email: api@handtextai.com
Mailing Address
HandTextAI
(Available upon request via email)
17. Complaints
If you have concerns about our privacy practices:
1. Contact us directly at privacy@handtextai.com
2. You have the right to lodge a complaint with your local data protection authority
Last Updated: January 2026
By using the HandTextAI API service, you acknowledge that you have read and understood this Privacy Policy.