ApiFast is built to need as little of your data as possible. There are no accounts and no identity verification (KYC); email is optional. This policy explains the little we do handle.

What we collect

• A hash of your API key — never the key itself — to authenticate requests and track your balance.
• Usage metadata per request: the model called, token/unit counts, computed cost, and a timestamp. This powers your usage dashboard and billing.
• Order metadata: deposit amount, credit granted, crypto currency, and payment status, to confirm payments. If you opt in, we also store the email you provide and an encrypted copy of your key, so we can email it and let you recover it.
• IP address, transiently, only for rate-limiting and abuse prevention.

What we do NOT collect

• Your prompts and the model responses are not stored. Requests are proxied to the model provider and only the token/cost counts are recorded — not the content.
• No names, phone numbers, or KYC documents. Email is optional — stored only if you choose to add one.
• No advertising trackers or third-party analytics on the core flow.

Payments

Crypto payments are processed by a third-party payment processor (NOWPayments). The blockchain transaction and the wallet you pay from are visible to that processor and on the public ledger; we receive only the payment confirmation and amount. Review your processor’s own privacy terms.

Model providers

To fulfil a request we forward it to the relevant upstream AI provider. Your prompt is transmitted to that provider for processing and is subject to their data handling. We do not expose which upstream serves a given model, and we do not attach any identity to the request beyond what is technically necessary.

Cookies

The public site sets no tracking cookies. A single secure, http-only session cookie is used only for the admin panel login.

Retention

Usage and order records are retained to operate the Service, show your dashboard, and meet accounting needs. Aggregated, non-identifying metrics may be kept longer. Because there is no account, we have no profile to delete; discarding your key ends the association.

Data sharing

We do not sell your data. We share only what is necessary with the payment processor and the model providers described above, or where required by law.

Changes & contact

We may update this policy; the date above reflects the current version. Questions can be sent to the contact address published on the site. See also our Terms of Service.

This document is a general template and not legal advice. Have it reviewed by a qualified lawyer in your jurisdiction before relying on it for a live business.