APIVAPT is committed to data minimisation — we collect only what is strictly necessary to deliver our services and communicate with you.
1. Data Collection
We collect personal information only through our contact form. The data we collect is limited to:
- Work email address
- Target API type
- Message content
We do not collect payment information through our website. We do not use tracking pixels, third-party analytics, or social media trackers.
2. Data Usage
We use your data exclusively to:
- Respond to your security assessment inquiry
- Prepare a tailored proposal for your API security needs
- Communicate about our engagement, if you choose to proceed
We do not sell, share, or rent your personal data to any third party.
3. Data Security
As a security firm, we hold ourselves to the highest standards. Your data is protected by:
- End-to-end encryption in transit (TLS 1.3)
- Encryption at rest for all stored communications
- Access controls limited to authorized team members only
- Regular security audits of our own internal infrastructure
4. Cookies
We use only essential cookies required for basic functionality. We do not use advertising cookies, tracking cookies, or any third-party cookie services.
5. Data Retention
Contact form submissions are retained for a maximum of 12 months. If an engagement proceeds, relevant data is retained for the duration of the contract plus 24 months for legal compliance. You may request deletion at any time.
6. Your Rights
You have the right to:
- Request access to any personal data we hold about you
- Request correction or deletion of your data
- Withdraw consent for data processing at any time
- Lodge a complaint with a supervisory authority
7. Policy Changes
We may update this policy to reflect changes in our practices or legal requirements. Any significant changes will be communicated through our website.
8. Contact
To exercise your rights or ask questions about this policy, please use our contact form or email us directly at info@apivapt.com.