Privacy Policy

Effective: April 2026

What We Collect

When you use upc.dev, we collect minimal data necessary to operate the service:

• API Usage: For authenticated API users, we log request counts, endpoints accessed, and timestamps for rate limiting and billing. We do not log the content of API responses.
• Server Logs: Standard HTTP access logs (IP address, user agent, requested URL, response status) retained for 30 days for security and debugging.
• Account Data: If you register for an API key, we store your email address and API key hash. Passwords are never stored in plaintext.

What We Don't Collect

• No tracking pixels or third-party analytics on product pages
• No cookies for advertising or cross-site tracking
• No personal data sold to third parties
• No fingerprinting or device identification

Product Data

Product data displayed on upc.dev is aggregated from public sources (government databases, open data projects, public APIs). This is factual product information, not personal data. We do not collect or display information about individual consumers.

Third-Party Services

• Cloudflare: CDN and DDoS protection. Cloudflare may set security cookies. See Cloudflare's privacy policy.
• Google Fonts: Web fonts loaded from Google's CDN. See Google's privacy policy.
• Stripe: Payment processing for API subscriptions. See Stripe's privacy policy.

Data Retention

• Server logs: 30 days
• API usage metrics: retained for the duration of your account
• Account data: retained until you request deletion

Your Rights

You can request deletion of your account and associated data at any time. Contact us at upc.dev.

Last updated: April 2026