Rest Faker← Back to home

Privacy Policy

Effective date: May 25, 2026  ·  Last updated: May 25, 2026

1. Overview

Rest Faker ("we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and what rights you have regarding your data when you use our Service at restfaker.dev.

By using the Service, you agree to the collection and use of information as described in this policy.

2. Information We Collect

Information you provide directly

  • Account information — first name, last name, email address, and password (stored as a bcrypt hash) when you register with an email address.
  • Profile information — optional company name added through your profile settings.
  • Feedback — any messages you submit through our feedback form.

Information collected automatically

  • Usage data — the number of API requests made against your schemas, recorded per schema and reset monthly.
  • Log data — server logs including request timestamps, HTTP methods, and response codes for operational monitoring.
  • Session tokens — a JWT stored in an httpOnly cookie used to keep you logged in.

Information from third-party providers

  • GitHub / Google OAuth — if you choose to sign in via GitHub or Google, we receive your name and primary email address from that provider. We do not receive your password.
  • Paddle — our payment processor. When you subscribe to a paid plan, Paddle provides us with a customer ID to associate your account with your subscription. We do not store your card details.

3. How We Use Your Information

  • To create and manage your account and authenticate you.
  • To provide, operate, and improve the Service.
  • To enforce subscription plan limits (request counts, schema counts, project counts).
  • To send transactional emails — email verification codes, password reset links, welcome messages, and billing notifications.
  • To respond to support requests you submit.
  • To detect and prevent abuse, fraud, or violations of our Terms of Service.
  • To comply with legal obligations.

We do not sell your personal information to third parties.

4. Data Storage and Security

Your data is stored in a PostgreSQL database. Passwords are stored as bcrypt hashes and are never stored in plain text. Session tokens are stored in httpOnly cookies inaccessible to JavaScript.

We use Redis for short-lived caching (rate limiting state) and do not persist personally identifiable information there.

While we implement reasonable technical and organisational measures to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

5. Cookies

We use a single httpOnly cookie named token to store your JWT authentication token. This cookie is strictly necessary for the Service to function and cannot be opted out of while using the Service.

We do not use third-party advertising or analytics cookies.

6. Third-Party Services

We share limited data with the following third-party services to operate the Service:

  • Paddle — handles all payment processing and subscription management. Your billing information is collected and stored by Paddle under their own Privacy Policy.
  • GitHub — used for optional OAuth sign-in. Governed by GitHub's Privacy Statement.
  • Google — used for optional OAuth sign-in. Governed by Google's Privacy Policy.
  • Mailtrap — used to deliver transactional emails (verification codes, password resets, billing notifications). Email content and recipient addresses are processed by Mailtrap to deliver these messages.

7. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal information within a reasonable timeframe, except where we are required to retain it for legal or financial record-keeping obligations.

API request logs are retained for operational and debugging purposes and are subject to periodic purging.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — update or correct inaccurate data via your profile settings or by contacting us.
  • Deletion — request deletion of your account and associated personal data.
  • Portability — request your data in a machine-readable format.
  • Objection — object to certain types of data processing.

To exercise any of these rights, contact us at support@restfaker.dev. We will respond within 30 days.

9. Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page and, where appropriate, by email. Your continued use of the Service after the changes take effect constitutes your acceptance of the revised policy.

11. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy, please reach out to us at support@restfaker.dev.