Privacy Policy

Last updated: June 2026

1. What We Collect

When you create an account, we collect your email address and a hashed password. If you purchase a paid tier, payment information is collected and processed by our third-party payment provider (see Section 4). We do not store your credit card number or payment credentials on our servers.

When you use the API, we log: your IP address, the endpoint called, request parameters, your API key identifier, response status code, response time, user agent string, and timestamp. These logs are used for rate limiting, abuse detection, billing verification, and service analytics.

When you visit the website, our server logs your IP address and request information as part of standard web server operation.

2. What We Do Not Collect

We do not use tracking cookies, analytics scripts, or advertising pixels. We do not track your browsing activity outside of direct interactions with lagoon.io. We do not sell, rent, or share personal data with third parties for marketing purposes. We do not build advertising profiles or engage in cross-site tracking.

3. How We Use Your Data

Account data is used for authentication, billing, and customer support. API usage logs are used for rate limiting, abuse detection, and aggregate service analytics. We do not use your data for any other purpose.

4. Cookies

We use a single session cookie for login authentication. We do not use tracking cookies, third-party cookies, or advertising cookies. The session cookie is marked secure, HTTP-only, and is deleted when you log out or when it expires.

5. Third-Party Services

We use the following third-party services to operate Lagoon:

• Cloudflare, DNS and security. Cloudflare may process your IP address and request headers. See Cloudflare's privacy policy.
• Resend, transactional email delivery (account verification, notifications). Receives your email address when we send you a message. See Resend's privacy policy.
• Payment processor, processes payments for paid tiers. Receives payment information you provide at checkout. We do not store your credit card number or payment credentials on our servers.

We do not share your data with any other third parties.

6. Data Retention

Account data is retained for the duration of your account and for a reasonable period after deletion for billing and legal purposes. API usage logs are retained for 90 days.

7. Security

All connections to Lagoon are encrypted via HTTPS. Passwords are stored using one-way hashing. API keys are stored as SHA-256 hashes. We use standard security practices to protect stored data. No system is perfectly secure, and we cannot guarantee absolute security.

8. Do Not Track

Lagoon does not track users across third-party websites and does not respond to Do Not Track browser signals. We do not engage in cross-site tracking of any kind.

9. Children's Privacy

Lagoon is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected data from a minor, we will delete it promptly.

10. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users by email within 72 hours of confirming the breach and will provide details of what data was affected and what steps we are taking.

11. Your Rights

You may request deletion of your account data by contacting us. Upon deletion, your API keys will be revoked and your account information removed from our systems within 30 days. You may also request a copy of the personal data we hold about you.

12. Changes to This Policy

We may update this policy at any time. Changes take effect when posted. We will notify registered users by email of material changes. The "Last updated" date at the top reflects the most recent revision.

13. Contact

For privacy-related questions, contact us at [email protected].