EN | ES
Platform Infrastructure Use Cases Pricing Docs
Start Now

Privacy Policy

Your privacy is important to us. This policy explains how we handle your data.

Effective Date: March 10, 2026

1. Data Controller and Data Processor

Igniral is operated by an individual (persona física con actividad empresarial) based in Mexico. For any questions regarding data protection, you can contact us at:

Role Distinction: For your Account, Usage, and Payment Information, Igniral acts as the Data Controller. However, for any Service Data (including files uploaded to your endpoints and API User Data), you are the Data Controller and Igniral acts solely as a Data Processor on your behalf.

As a smaller business, we do not have a designated Data Protection Officer, but we take data protection seriously and will respond to all privacy-related inquiries within 30 days.

2. Information We Collect

We collect different types of information depending on how you interact with our services:

2.1 Account Information

  • Registration Data: Email address, name, and password (hashed and never stored in plain text)
  • Authentication Data: Two-factor authentication (2FA/TOTP) secrets if enabled
  • Profile Information: Any additional information you voluntarily provide

2.2 Service Data

  • Application Configurations: API schemas, endpoint definitions, access control rules you create.
  • Stored Data and Files: Any data you store through your APIs, including files uploaded to file endpoints. You retain all rights and full responsibility for this data. By uploading files or data, you represent and warrant that you have all necessary legal rights, consents, and permissions to store and process such information on our platform.
  • API User Data: Information about users you create within your private applications.

2.3 Usage Information

  • API Metrics: Request counts, latency, error rates, and endpoint usage statistics
  • Log Data: IP addresses, browser type, access times, and pages viewed
  • Feature Usage: Information about which features and tools you use

2.4 Payment Information

  • Billing Data: Processed securely through Stripe. We do not store your complete credit card numbers on our servers.
  • Transaction Records: Subscription history, payment dates, and invoice information

3. AI and Automated Processing

Igniral uses artificial intelligence to enhance your experience:

  • AI Schema Builder: Our AI analyzes your input to suggest optimal API schema structures. This processing is done to provide the service you requested.
  • Smart Type Inference: Automatic field type suggestions based on attribute names.

AI processing is performed solely to provide requested features. We do not use your data to train AI models without explicit consent, and AI-generated suggestions are always subject to your review and approval.

4. File Upload, Malware Scanning, and Content Responsibility

You are solely responsible for the content, legality, reliability, and appropriateness of all files you upload to your endpoints. You agree not to upload highly sensitive regulated data (such as HIPAA-protected health information or full PCI-DSS credit card data) within your files.

When you upload files to your file endpoints, we perform automated malware scanning to protect our platform and users. This scanning:

  • Analyzes files for known malware signatures and suspicious patterns.
  • May reject or delete files that are identified as potentially harmful.
  • Is performed in automated systems without human review of file contents.

We do not claim ownership, access, or review the contents of your files unless explicitly required by law, court order, or to investigate severe security incidents.

5. Legal Basis for Processing

We process your data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the services you signed up for (account management, API hosting, data storage)
  • Legitimate Interests: Service improvement, security monitoring, fraud prevention, and platform analytics
  • Legal Obligations: Compliance with applicable laws, tax requirements, and lawful government requests
  • Consent: For optional features like marketing communications (which you can withdraw at any time)

6. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and manage your subscription
  • Send technical notices, updates, security alerts, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze usage trends and platform performance
  • Detect, investigate, and prevent fraudulent or unauthorized activities
  • Enforce our Terms of Service and other policies

7. Data Sharing and Third Parties

We minimize data sharing and only work with essential service providers:

7.1 Payment Processing

Stripe, Inc. processes all payment transactions. When you subscribe to a paid plan, your payment information is transmitted directly to Stripe. Please review Stripe's Privacy Policy for details on how they handle your information.

7.2 Infrastructure Providers

Google Cloud Platform (GCP) hosts our services. Data is stored in the following regions:

  • us-central1 (Iowa, USA)
  • northamerica-south1 (Mexico)

Google acts as a data processor under our instructions and maintains comprehensive security certifications (ISO 27001, SOC 2, etc.).

7.3 Analytics and Advertising

Google LLC provides analytics and advertising services through Google Analytics and Google Ads. These services are activated only after you provide explicit consent through our cookie consent banner. When consent is granted, Google may collect anonymized usage data and set cookies on your device. Please review Google's Privacy Policy for details. We implement Google Consent Mode v2 to ensure compliance with applicable privacy regulations.

7.4 We Do NOT:

  • Sell your personal data to third parties
  • Share your personal account data with advertisers
  • Load analytics or advertising scripts without your prior consent

7.5 Legal Disclosure

We may disclose your information if required by law, court order, or government request, or to protect the rights, property, or safety of Igniral, our users, or others.

8. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: All data transmitted between you and our servers uses TLS/HTTPS encryption
  • Encryption at Rest: Data stored on our servers is encrypted using AES-256 encryption
  • Password Security: Passwords are hashed using secure algorithms (never stored in plain text)
  • 2FA Support: Two-factor authentication available for enhanced account security
  • Access Controls: Strict authentication and authorization mechanisms
  • Rate Limiting: Protection against brute force and abuse attacks
  • Regular Audits: Security assessments and vulnerability monitoring

8.1 Data Breach Notification

In the event of a data breach that affects your personal information:

  • EU Users (GDPR): We will notify the relevant supervisory authority within 72 hours and affected users without undue delay
  • California Users (CCPA): We will notify affected residents within 30 calendar days of discovery
  • All Users: We will notify you promptly and provide guidance on protective measures

While we implement robust security measures, no system is 100% secure. We encourage you to use strong passwords and enable 2FA.

9. Data Retention

We retain your data for the following periods:

  • Account Data: Retained while your account is active and for 30 days after deletion request to allow recovery
  • Service Data: Retained while your account is active; deleted upon account deletion
  • Usage Logs: Retained for up to 90 days for security and analytics purposes
  • Transaction Records: Retained for 7 years to comply with tax and financial regulations
  • Backups: Retained for up to 30 days for disaster recovery purposes

You may request data deletion at any time through your account settings or by contacting us directly.

10. Cookies, Tracking Technologies, and Consent

We use cookies and similar technologies to operate our services, remember your preferences, and — with your explicit consent — analyze website usage and measure advertising effectiveness. This section explains what cookies we use, why we use them, and how you can control them.

10.1 What Are Cookies?

Cookies are small text files stored on your device by your web browser. They allow websites to recognize returning visitors, remember preferences, and collect usage data. Some cookies are essential for the site to function; others are optional and require your consent.

10.2 Strictly Necessary Cookies

These cookies are essential for the basic operation of our website and services. They do not require your consent under GDPR/ePrivacy because they are technically necessary. You cannot opt out of these cookies without breaking core site functionality.

Cookie Name Purpose Duration
JSESSIONID Maintains your authenticated session after login Session (deleted when you close your browser)
XSRF-TOKEN Protects against Cross-Site Request Forgery (CSRF) attacks Session
IGNIRAL_LOCALE Remembers your preferred language (English or Spanish) 1 year
IGNIRAL_CONSENT Stores your cookie consent preference (accepted or rejected). Shared across igniral.com and auth.igniral.com so you only need to choose once. 1 year

10.3 Optional Cookies (Analytics & Advertising)

These cookies are set only after you click “Accept” on our cookie consent banner. If you reject or ignore the banner, these cookies are never loaded and no data is sent to third parties.

Cookie Name Provider Purpose Duration
_ga Google Analytics Distinguishes unique visitors to understand site usage 2 years
_ga_* Google Analytics Maintains session state across page views 2 years
_gcl_au Google Ads Stores conversion data for advertising campaigns 90 days

We implement Google Consent Mode v2, which means Google’s scripts respect your consent choice. When consent is denied, Google does not set cookies and does not collect identifiable data.

10.4 How We Obtain Your Consent

When you first visit our website, a consent banner appears at the bottom of the page offering two choices:

  • Accept: Analytics and advertising cookies are activated. Google Analytics and Google Ads scripts load and begin collecting anonymized usage data.
  • Reject: No analytics or advertising cookies are set. Google scripts are never loaded. Your browsing remains completely private.

Your choice is stored in the IGNIRAL_CONSENT cookie and shared across all Igniral domains (igniral.com and auth.igniral.com), so you will not be asked again on either site.

10.5 Managing Your Cookie Preferences

You can change your cookie preferences at any time by:

  • Clearing cookies: Delete the IGNIRAL_CONSENT cookie from your browser settings. On your next visit, the consent banner will appear again.
  • Browser settings: Most browsers allow you to block or delete cookies through their privacy settings. Note that blocking strictly necessary cookies may impair site functionality.

For more information about cookies and how to manage them, visit allaboutcookies.org.

11. Your Rights

Regardless of your location, we provide you with the following rights regarding your personal data:

  • Access: Request a copy of the personal information we hold about you
  • Rectification: Request correction of inaccurate, incomplete, or outdated personal information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Portability: Request export of your data in a machine-readable format
  • Restriction: Request limitation of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw previously given consent at any time

To exercise these rights, contact us at privacy@igniral.com. We will respond within 30 days.

12. Information for European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation:

  • Right to Lodge a Complaint: You have the right to file a complaint with your local data protection authority
  • International Transfers: Your data is stored in North American data centers (USA and Mexico). We ensure appropriate safeguards are in place for any data transfers.

By using our services from the EEA, you acknowledge that your data will be transferred to and processed in North America.

13. Information for California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights:

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you
  • Right to Correct: You have the right to request correction of inaccurate personal information
  • Right to Delete: You have the right to request deletion of your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
  • No Sale of Data: We do not sell your personal information to third parties as defined under the CCPA
  • Global Privacy Control: We honor Global Privacy Control (GPC) signals. If your browser or device sends a GPC signal, we will treat it as a valid opt-out request

To exercise your CCPA/CPRA rights, contact us at privacy@igniral.com.

14. Aviso de Privacidad para México (LFPDPPP)

En cumplimiento con la Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP), informamos lo siguiente:

14.1 Identidad, Domicilio y Roles del Tratamiento

Igniral, operado por una persona física con actividad empresarial con domicilio en México. Para efectos de esta política:

  • Como Responsable: Igniral decide sobre el tratamiento de los datos de su cuenta, facturación y uso de la plataforma.
  • Como Encargado: Respecto a los archivos, bases de datos y registros que usted sube o procesa a través de sus APIs (Service Data), Igniral actúa únicamente como Encargado del tratamiento. Usted es el Responsable legal frente a los titulares de esa información y garantiza contar con las bases legales para transferirnos dichos datos para su alojamiento.

Para cualquier asunto relacionado con el tratamiento de sus datos personales, puede contactarnos a:

14.2 Datos Personales Recabados

Recabamos los siguientes datos personales:

  • Datos de identificación: Nombre completo, correo electrónico
  • Datos de autenticación: Contraseña (cifrada), secretos de 2FA
  • Datos de uso: Direcciones IP, métricas de API, configuraciones de aplicaciones
  • Datos financieros: Información de facturación procesada a través de Stripe

No recabamos datos personales sensibles (origen racial, estado de salud, orientación sexual, creencias religiosas, etc.).

14.3 Finalidades del Tratamiento

Finalidades Primarias (necesarias para el servicio):

  • Crear y administrar su cuenta de usuario
  • Proporcionar los servicios de API que usted contrate
  • Procesar pagos y gestionar suscripciones
  • Enviar notificaciones técnicas y de seguridad
  • Atender solicitudes de soporte técnico

Finalidades Secundarias (opcionales):

  • Enviar comunicaciones promocionales sobre nuevas funcionalidades
  • Realizar análisis estadísticos para mejorar el servicio

Si no desea que sus datos sean tratados para finalidades secundarias, puede manifestar su negativa enviando un correo a privacy@igniral.com con el asunto "Negativa Finalidades Secundarias".

14.4 Transferencias de Datos

Sus datos personales pueden ser transferidos a:

  • Stripe, Inc. (Estados Unidos) - Para procesamiento de pagos
  • Google Cloud Platform (Estados Unidos y México) - Para alojamiento de infraestructura

Estas transferencias se realizan conforme a los artículos aplicables de la LFPDPPP y sus reglamentos. Al utilizar nuestros servicios, usted consiente estas transferencias.

14.5 Derechos ARCO

Usted tiene derecho a:

  • Acceso: Conocer qué datos personales tenemos y cómo los usamos
  • Rectificación: Solicitar la corrección de datos incorrectos, incompletos o desactualizados
  • Cancelación: Solicitar la eliminación de sus datos personales mediante el proceso de bloqueo y supresión (los datos se resguardan de forma segura durante un período de bloqueo antes de su eliminación definitiva)
  • Oposición: Oponerse al tratamiento de sus datos para ciertas finalidades, incluyendo cuando el tratamiento automatizado produzca efectos jurídicos adversos o afecte significativamente sus derechos

Procedimiento para ejercer derechos ARCO:

  1. Envíe un correo electrónico a privacy@igniral.com
  2. Incluya: nombre completo, correo electrónico registrado, descripción clara del derecho que desea ejercer, y documentos que acrediten su identidad
  3. Responderemos en un plazo máximo de 20 días hábiles
  4. Si la solicitud es procedente, se hará efectiva dentro de los 15 días hábiles siguientes

14.6 Revocación del Consentimiento

Usted puede revocar el consentimiento otorgado para el tratamiento de sus datos personales en cualquier momento, siguiendo el mismo procedimiento descrito para los derechos ARCO. Tenga en cuenta que la revocación puede resultar en la imposibilidad de continuar proporcionándole nuestros servicios.

14.7 Limitación del Uso o Divulgación

Si desea limitar el uso o divulgación de sus datos personales, puede solicitarlo a través de privacy@igniral.com. Confirmaremos su inscripción en nuestro listado de exclusión.

14.8 Autoridad Reguladora

Si considera que su derecho a la protección de datos personales ha sido vulnerado, puede acudir a la Secretaría de Anticorrupción y Buen Gobierno (autoridad competente para recibir denuncias relacionadas con la LFPDPPP).

15. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@igniral.com so we can delete such information.

16. International Data Transfers

Your data is stored and processed in data centers located in:

  • United States: us-central1 (Iowa)
  • Mexico: northamerica-south1 (Querétaro)

If you access our services from outside North America, please be aware that your data will be transferred to and processed in these regions. By using our services, you consent to this transfer.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • We will update the "Effective Date" at the top of this page
  • For significant changes, we will notify you via email or through a prominent notice on our platform

We encourage you to review this policy periodically. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

We aim to respond to all privacy-related inquiries within 30 days.