1. Introduction
Welcome to the Food Database API ("API," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our API services, developer portal, and related documentation. Please read this policy carefully. If you disagree with its terms, please discontinue use of our services.
2. Information We Collect
2.1 Information You Provide Directly
When you register for an API key or create a developer account, we may collect:
- Full name and email address
- Company or organization name
- Billing information (processed securely through third-party payment processors)
- Use case description and intended application details
- Contact preferences and communication settings
2.2 Information Collected Automatically
When you use the Food Database API, we automatically collect:
- API request logs including endpoints accessed, timestamps, and HTTP status codes
- IP addresses and geographic location data (country/region level)
- Device and browser information for developer portal access
- Authentication tokens and API key usage patterns
- Rate limit consumption and quota usage statistics
- Error logs and diagnostic data for service improvement
2.3 Food Data Queries
We collect and may retain information about the food items, nutrients, and database queries you submit through the API. This data is used to improve our database accuracy, identify popular queries, and enhance service performance. Query data is anonymized where possible and not linked to individual users unless required for abuse prevention.
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Service Provision
- Authenticate API requests and validate API keys
- Deliver food database query results and nutritional data
- Process payments and manage subscriptions
- Provide developer support and technical assistance
3.2 Service Improvement
- Analyze usage patterns to improve API performance and reliability
- Expand and curate our food and nutrition database
- Develop new features and data endpoints based on developer needs
- Conduct internal research and analytics
3.3 Security and Compliance
- Detect and prevent unauthorized API access and abuse
- Monitor for rate limit violations and terms of service breaches
- Comply with applicable laws and regulatory requirements
- Respond to legal requests from competent authorities
3.4 Communications
- Send transactional emails (API key confirmations, billing receipts)
- Notify you of material changes to this policy or our terms
- Share product updates, new features, and developer newsletters (with opt-out)
4. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:
4.1 Service Providers
We engage trusted third-party service providers who assist us in operating our services, including cloud hosting providers, payment processors, analytics platforms, and customer support tools. These providers are contractually obligated to handle your data securely and only for the purposes we specify.
4.2 Legal Requirements
We may disclose your information if required to do so by law, subpoena, court order, or other governmental or law enforcement authority, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or to investigate fraud or security issues.
4.3 Business Transfers
In the event of a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of the transaction. You will be notified via email and/or a prominent notice on our developer portal of any such change in ownership.
4.4 Aggregated or Anonymized Data
We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. For example, we may publish industry reports on trends in nutritional data queries.
5. Data Retention
We retain your personal information for as long as your developer account is active or as needed to provide services. Specifically:
- API key and account data: retained for the duration of your account plus 90 days after deletion
- Request logs: retained for up to 12 months for security and debugging purposes
- Billing records: retained for 7 years as required by applicable financial regulations
- Support communications: retained for 3 years
You may request deletion of your account and associated data at any time by contacting us at [email protected]. Certain data may be retained longer where required by law.
6. Data Security
We implement industry-standard security measures to protect your information, including:
- TLS 1.2 or higher encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- API key hashing - we do not store raw API keys
- Regular security audits and penetration testing
- Role-based access controls within our organization
- Two-factor authentication for developer portal accounts
While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your information.
7. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights with respect to your personal data:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request erasure of your personal information (subject to legal obligations)
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to certain processing activities, including marketing communications
- Restriction: Request that we limit the way we process your data in certain circumstances
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.
9. Children's Privacy
The Food Database API and developer portal are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you become aware that a child has provided us with personal information without parental consent, please contact us immediately at [email protected] and we will take steps to delete such information.
10. International Data Transfers
Our servers are located in US East. If you access our API from outside this region, your information may be transferred to and processed in a country with different data protection laws. We implement appropriate safeguards, such as Standard Contractual Clauses, to ensure adequate protection of your data during international transfers.
11. Commercial Use and Paid Subscriptions
Commercial use of the Food Database API requires an active subscription to the Plus plan or higher (currently the Plus and Enterprise plans), as set out in Section 3 of our Terms and Conditions. The Free, Basic, and Core plans — including the paid Basic and Core plans — are licensed for non-commercial use only.
Where you use the API commercially, we collect and process your billing, subscription, and usage-type information — including the X-API-Usage-Type indicator you send with your requests and your associated usage metrics — to verify plan eligibility, enforce commercial-use requirements, and bill for your use. For the full commercial-use licensing terms, please refer to our Terms and Conditions.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on our developer portal and sending an email to your registered address at least 14 days before the changes take effect. Your continued use of the API after the effective date constitutes acceptance of the updated policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy, please contact:
- Privacy Officer - Food Database API
- Email: [email protected]
- Address: BusyBody FIT LTD, London United Kingdom
- Data Protection Officer (EU/EEA inquiries): [email protected]
