XferAPI is a high-availability distributed credits system API that enables atomic multi-account credits operations with consistency guarantees and zero-sum accounting.

How much does XferAPI cost?

XferAPI offers a free tier with 10,000 credits operations per month. Paid plans start at $0.01 per successful operation with volume discounts available.

Yes, XferAPI uses TLS 1.3 encryption, implements OAuth 2.0 authentication, and maintains SOC 2 Type II compliance with comprehensive audit trails.

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information when you use XferAPI.

Last updated: January 15, 2024

Our Privacy Principles

These principles guide how we handle your data and protect your privacy.

Data Protection

We implement industry-leading security measures to protect your data.

Transparency

We are transparent about what data we collect and how we use it.

Access Control

You have full control over your data and can request deletion anytime.

Privacy by Design

Privacy considerations are built into every feature from the ground up.

1. Information We Collect

Account Information

When you create an account, we collect basic information including your email address, name, and company information. This information is used to provide you with access to our services and communicate important updates.

Usage Data

We automatically collect information about how you use our API, including:

API requests and responses (excluding sensitive payload data)
Transaction metadata (timestamps, statuses, reference IDs)
Performance metrics and error logs
IP addresses and user agent information

Financial Data

To process transfers, we collect minimal financial information:

Account identifiers (your internal account IDs)
Transaction amounts and descriptions
Transfer metadata and reference information

We never store sensitive financial data like bank account numbers, credit card information, or personal financial details.

2. How We Use Your Information

We use the collected information to:

Provide and maintain our transfer services
Process transactions and ensure system reliability
Monitor system performance and prevent fraud
Communicate service updates and important notifications
Improve our services and develop new features
Comply with legal obligations and regulatory requirements

3. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information in the following circumstances:

Service Providers

We work with trusted third-party service providers who help us operate our business, such as cloud hosting providers, monitoring services, and payment processors. These providers are bound by strict confidentiality agreements.

Legal Requirements

We may disclose information when required by law, such as in response to valid legal requests from authorities or to protect our rights and the safety of our users.

Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of that transaction. We will notify users of any such change.

4. Data Security

We implement comprehensive security measures to protect your information:

All data is encrypted in transit using TLS 1.3
Data at rest is encrypted using AES-256 encryption
Access controls and multi-factor authentication for all systems
Regular security audits and penetration testing
SOC 2 Type II compliance with ongoing monitoring
Incident response procedures and breach notification protocols

5. Data Retention

We retain different types of data for varying periods based on business and legal requirements:

Account information: Retained while your account is active plus 7 years
Transaction data: Retained for 7 years for audit and compliance purposes
Log data: Retained for 1 year for system monitoring and debugging
Marketing communications: Until you unsubscribe

You can request deletion of your data at any time, subject to legal retention requirements.

6. Your Rights and Choices

You have the following rights regarding your personal information:

Access and Portability

You can request access to your personal information and receive a copy in a machine-readable format.

Correction

You can update your account information at any time through your dashboard or by contacting us.

Deletion

You can request deletion of your account and personal information, subject to legal retention requirements.

Restriction and Objection

You can restrict or object to certain processing of your personal information where legally applicable.

7. International Transfers

XferAPI is operated from the United States. If you are located outside the US, your information will be transferred to and processed in the US. We implement appropriate safeguards to ensure your data receives adequate protection.

8. Children's Privacy

XferAPI is not intended for use by children under 13. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete such information.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes by email and by posting the updated policy on our website. Your continued use of our services after changes become effective constitutes acceptance of the revised policy.

10. Contact Us

If you have questions about this Privacy Policy or how we handle your information, please contact us:

Email: contact@xferapi.com

Address: XferAPI Inc.
123 Privacy Street
San Francisco, CA 94105
United States

Data Protection Officer: contact@xferapi.com

Note: This privacy policy is effective as of January 15, 2024. For questions about privacy practices or to exercise your rights, please contact us using the information provided above.