Privacy Policy - AltText API

Overview

AltText API ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our AI-powered alt text generation API.

        Summary: We collect minimal data, don't store your images, and use OpenRouter as a GDPR-compliant intermediary for AI processing. Your images are not used for training.
      

Information We Collect

Account Information

Email address (for account creation and authentication)
Password (hashed with bcrypt, never stored in plain text)
Name (optional)

Usage Data

API key usage and request timestamps
Number of images processed
Total credits used
API endpoint accessed
AI model used for generation

Image Data

We process images you submit via our API to generate alt text. We do not permanently store your images. Images are only held in memory during processing and are immediately discarded after the alt text is generated.

For usage tracking and billing purposes, we store:

Image URLs (if provided)
Generated alt text
Language used
Cost of processing

How We Use Your Information

To provide and maintain our alt text generation service
To process billing and track usage
To authenticate API requests
To improve our service quality and reliability
To communicate with you about your account

Third-Party Services

OpenRouter (AI Processing)

We use OpenRouter as an intermediary to access AI vision models (Qwen 2.5 VL, Gemini 2.5 Flash Lite, and others). OpenRouter is GDPR compliant and:

Does not store your prompts or images by default
Uses Standard Contractual Clauses (SCCs) for EU data transfers
Ensures underlying AI providers don't use your data for training
Stores only metadata (token counts, latency) for reporting

Learn more: OpenRouter Privacy Policy

Cloudflare Workers

Our API is hosted on Cloudflare Workers. Cloudflare may collect:

IP addresses (for DDoS protection and routing)
Request logs (retained for 24 hours)

Learn more: Cloudflare Privacy Policy

Stripe (Payment Processing)

For payment processing, we use Stripe. We do not store your credit card information. Stripe handles all payment data securely and is PCI DSS compliant.

Learn more: Stripe Privacy Policy

Data Retention

Account data: Retained while your account is active
Usage records: Retained for 7 years (GDPR requirement)
Images: Not stored (processed in-memory only)
Generated alt text: Retained for billing and usage tracking

Data Security

We implement industry-standard security measures to protect your data:

All API requests use HTTPS encryption (TLS 1.3)
Passwords are hashed with bcrypt (10 rounds)
API keys are securely generated and stored
Database is hosted on Cloudflare D1 (encrypted at rest)

Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights:

Access: Request a copy of your data
Rectification: Correct inaccurate data
Erasure: Request deletion of your account and data
Portability: Export your usage data
Objection: Object to certain data processing

To exercise these rights, contact us at: privacy@alttextapi.com

Cookies

We use minimal cookies and local storage:

Authentication: API key and email stored in browser localStorage
We do not use tracking cookies or analytics

Children's Privacy

Our service is not intended for users under 18. We do not knowingly collect data from children.

Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect changes. Continued use of our service after changes constitutes acceptance.

Contact Us

If you have questions about this Privacy Policy, please contact us:

Email: privacy@alttextapi.com
GitHub: nijaru/alttextapi