Privacy Policy

This Privacy Policy explains how Human Interface Design LLC collects, uses, shares, and protects information when you use mtaapi.dev, including the website, dashboard, hosted API, documentation, and related services.

mtaapi.dev is not affiliated with, endorsed by, or sponsored by the Metropolitan Transportation Authority.

Account information: when you sign up or sign in, we may collect identifiers such as your name, email address, authentication provider, account ID, and related profile information.

Billing information: paid subscriptions and invoices are managed through Clerk Billing and processed by our payment processor. We may receive billing status, customer IDs, subscription IDs, plan details, payment status, tax status, and limited billing metadata. We do not store full payment card numbers.

API and usage information: when you use the hosted API, we may log API key identifiers, endpoint paths, request timing, response status, rate-limit activity, usage counts, user agent, IP address, and operational metadata needed to provide and secure the service.

Support and communications: if you contact us, join a waitlist, or request support, we collect the information you choose to provide.

Website analytics: we may collect basic analytics and performance information, such as page views, referrers, device/browser information, and approximate location derived from IP address.

We use information to provide the service, authenticate users, provision and manage API keys, process subscriptions, enforce plan limits, troubleshoot issues, prevent abuse, improve reliability, communicate with you, and comply with legal obligations.

We may use aggregated or de-identified usage information to understand service performance, plan capacity, product adoption, and API demand.

We share information with service providers that help us operate mtaapi.dev, including hosting, analytics, authentication, payment processing, email delivery, API-key management, observability, and security vendors.

Current service providers may include Vercel, Clerk, payment processors, Unkey, Resend, and analytics or observability providers used to operate the service.

We may disclose information if required by law, legal process, security needs, fraud prevention, protection of rights, business transfers, or with your direction or consent.

We and our providers may use cookies, local storage, and similar technologies for authentication, session management, fraud prevention, preferences, analytics, and service operation.

You can control cookies through your browser settings, but disabling certain cookies may prevent the dashboard or authentication flows from working correctly.

We retain information for as long as needed to provide the service, maintain business records, comply with legal obligations, resolve disputes, enforce agreements, secure the service, and support operational needs.

API logs and operational telemetry may be retained for shorter periods than account or billing records, unless needed for security, debugging, compliance, or abuse prevention.

We use reasonable technical and organizational safeguards designed to protect information. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

You are responsible for protecting your account credentials and API keys and for promptly rotating keys you believe may be exposed.

mtaapi.dev is operated from the United States. If you access the service from outside the United States, your information may be processed in the United States or other countries where we or our service providers operate.

You may request access, correction, deletion, or export of personal information by contacting us. We may need to verify your identity and may retain certain information where required or permitted by law.

You can manage many account, billing, and API-key settings directly in the dashboard. You can unsubscribe from non-essential marketing communications using the instructions in those messages when available.

The service is intended for developers and businesses and is not directed to children under 13. We do not knowingly collect personal information from children under 13.

We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify users, such as posting the updated policy or updating the effective date.

Questions or privacy requests can be sent to legal@mtaapi.dev.