Privacy Policy

Gibs API — Privacy Policy Effective date: February 10, 2026 Last updated: February 10, 2026

This Privacy Policy describes how Gibbr AB ("we", "us") collects, uses, and protects information when you use the Gibs API ("Service").

1. Data Controller

Gibbr AB is the data controller for personal data processed in connection with the Service, in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR").

Contact: [email protected]

2. What We Collect

2.1 Account Data

When you register, we collect:

Email address
Company name (optional)
Billing information (processed by Stripe; we do not store payment details)

2.2 Usage Data

When you use the Service, we automatically collect:

API request timestamps
Query metadata (endpoint called, response time, status code)
IP address
API key identifier

2.3 Query Content

Your API queries are processed to generate responses. Query content may be temporarily cached for performance optimization (max 24 hours).

2.4 What We Do NOT Collect

We do not collect personal data from your end users
We do not use tracking cookies or third-party analytics on the API
We do not process special categories of personal data (Article 9 GDPR)

3. How We Use Your Data

Purpose

Legal Basis (GDPR)

Provide the Service

Performance of contract (Art. 6(1)(b))

Billing and invoicing

Performance of contract (Art. 6(1)(b))

Rate limiting and abuse prevention

Legitimate interest (Art. 6(1)(f))

Service monitoring and improvement

Legitimate interest (Art. 6(1)(f))

Legal compliance

Legal obligation (Art. 6(1)(c))

We do not sell, rent, or share your personal data with third parties except:

Stripe: Payment processing. See Stripe's Privacy Policy.
Infrastructure providers: Hosting services that process data on our behalf under data processing agreements.
Legal requirements: If required by Swedish or EU law, court order, or regulatory authority.

5. Data Retention

Data Type

Retention Period

Account data

Duration of account + 12 months

Usage logs

90 days

Query cache

24 hours

Billing records

7 years (Swedish accounting law)

Upon account deletion, personal data is removed within 30 days, except where retention is required by law.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

Encryption in transit (TLS 1.2+)
API key authentication
Rate limiting
Access controls on infrastructure

7. International Transfers

Your data is processed within the EU/EEA. If any sub-processor transfers data outside the EEA, appropriate safeguards (Standard Contractual Clauses) are in place.

8. Your Rights

Under GDPR, you have the right to:

Access your personal data (Art. 15)
Rectify inaccurate data (Art. 16)
Erase your data ("right to be forgotten") (Art. 17)
Restrict processing (Art. 18)
Data portability (Art. 20)
Object to processing based on legitimate interest (Art. 21)
Lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se

To exercise your rights, contact [email protected]. We will respond within 30 days.

9. Changes to This Policy

We may update this Privacy Policy. Material changes will be communicated via email. The "Last updated" date at the top reflects the most recent revision.

10. Contact

Gibbr AB Email: [email protected] Supervisory authority: Integritetsskyddsmyndigheten (IMY), imy.se

This Privacy Policy was last updated on February 10, 2026.

PreviousTerms of Service NextChangelog

Last updated 24 minutes ago

Good night

hashtag1. Data Controller

hashtag2. What We Collect

hashtag2.1 Account Data

hashtag2.2 Usage Data

hashtag2.3 Query Content

hashtag2.4 What We Do NOT Collect

hashtag3. How We Use Your Data

hashtag4. Data Sharing

hashtag5. Data Retention

hashtag6. Data Security

hashtag7. International Transfers

hashtag8. Your Rights

hashtag9. Changes to This Policy

hashtag10. Contact