Privacy Policy
Last updated: June 2025
This Privacy Policy explains how WalletPass API ("we", "our") collects, uses, and protects information when you use the Service.
1. Information We Collect
We collect the following categories of information:
- Account information — name and email address provided during signup.
- Credentials — Apple P12 certificates, Google service account keys, and API secrets, stored AES-256 encrypted.
- Pass data — the JSON payloads you submit to create and update passes.
- Usage logs — API request metadata (timestamp, endpoint, status code, IP address) for security and debugging.
2. How We Use Your Information
We use your information solely to provide, maintain, and improve the Service. We do not sell or share your data with third parties for marketing purposes.
3. Data Storage and Security
All data is stored on Cloudflare's infrastructure. Sensitive credentials are encrypted at rest using AES-256. Access to production data is restricted to authorised personnel only.
4. Data Retention
We retain your data for as long as your account is active. Upon account deletion, your pass data and credentials are permanently removed within 30 days. API logs are retained for 90 days for security purposes.
5. Cookies
The portal uses a single portal_session HTTP-only cookie for authentication. No tracking or analytics cookies are used.
6. Your Rights
You may request access to, correction of, or deletion of your personal data at any time by contacting us. We will respond within 30 days.
7. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via the Changelog.
8. Contact
For privacy-related questions, contact us via the homepage.