Privacy & GDPR Notice

Last updated: 9 June 2026. This notice explains how MyAPI.world handles personal data for the public website, client dashboard, admin dashboard, API gateway, wallet ledger, setup instructions, support, and transactional email.

Controller and contact

MyAPI.world is the service contact for this whitelabel coding API platform. Privacy, account, access, correction, deletion, and portability requests can be sent to support@myapi.world. We may ask for information needed to verify the requester before making account changes or releasing account data.

Personal data processed

• Account identifiers: username, email address, first name, surname, dashboard password fields, API token metadata, session records, account status, and admin-created marketplace delivery details.
• Service and billing records: Token Wallet balance, wallet adjustments, usage transactions, model name, request timestamps, token counts, charge amounts, and recent account activity.
• Technical and security data: IP address, user agent, request route, error details, authentication events, and operational logs needed to protect and operate the service.
• Support and communication data: email messages, SMTP delivery metadata, and any information a user or administrator sends to support.

Purposes and legal basis

• Contract and service delivery: create accounts, authenticate users, provide dashboard access, generate setup scripts, proxy API requests, maintain wallets, and show usage records.
• Legitimate interests: secure the platform, prevent abuse, debug errors, maintain service reliability, respond to support requests, and preserve audit records for administrators.
• Legal obligations: keep records where required for accounting, disputes, fraud prevention, tax, regulatory, or law enforcement requests.
• Consent: used only where a non-essential feature asks for consent. The public website does not set advertising or analytics cookies by default.

Recipients and processors

Personal data is available to authorised MyAPI administrators and technical operators where needed. Data may be processed by hosting providers, database services, SMTP/email providers, upstream coding model/API providers, and security or infrastructure vendors needed to run the service. API prompts, completions, tool results, and metadata may be sent to upstream model/API providers to fulfil API requests.

International transfers

Infrastructure and providers may operate in countries outside the European Economic Area or the United Kingdom. Where GDPR transfer rules apply, MyAPI.world relies on appropriate contractual, technical, and organisational safeguards available through the relevant provider relationship.

Retention

Account, wallet, usage, and security records are kept while the account is active and for a reasonable period afterwards for support, billing, dispute, abuse-prevention, and legal record purposes. Data that is no longer needed is deleted or anonymised where practical, unless retention is required for legal, security, or accounting reasons.

Cookies and browser storage

The public homepage does not load third-party advertising trackers or analytics scripts. The dashboard uses essential browser storage, including local storage, to keep users signed in, remember setup preferences, and show account state. These items are necessary for the service and can be cleared in the browser, although clearing them signs the user out.

Your rights

Depending on location and applicable law, users may have rights to access, correct, erase, restrict, object to processing, withdraw consent, and receive a portable copy of personal data. Users may also have the right to lodge a complaint with their local data protection authority. Requests should be sent to support@myapi.world.

Security

MyAPI.world uses HTTPS, authenticated dashboards, API bearer tokens, server-side access controls, operational logging, privacy-focused response headers, and administrator-only account issuance. Users should keep dashboard credentials and API tokens private and request token rotation if a token is exposed.

Children

MyAPI.world is intended for business and developer use and is not directed to children. Administrators should not knowingly create accounts for children.

Changes to this notice

This notice may be updated when services, providers, legal requirements, or operational practices change. The latest version is published on this page.