Privacy Policy

Effective: 2026-06-21   Operator: X80 Pte. Ltd. (Singapore) — "we", "us"   Service: the MyAPI platform at myapihq.com and its APIs (auth, email, domains, funnels, billing, and related primitives) — "the Service"

1. Who this policy is for

MyAPI is an API platform used by developers and agents ("customers") to build applications. This policy covers two groups of people:

2. What we collect

From customers: account email, organization details, API-key identifiers (never the secret in plaintext after creation), billing records, and the configuration you create (domains, mailboxes, funnels, workflows).

From API traffic: request and response metadata — timestamp, source IP, API-key identifier, endpoint, payload size, latency, and status code — plus the content you send to an endpoint for the duration needed to fulfil it.

From end users signing in (authentication API): when a customer's application uses MyAPI to authenticate an end user via a third-party identity provider (for example, Google), we receive from that provider the end user's basic profile: their unique account identifier, email address, email-verified status, display name, and profile picture URL. We collect only what the customer's application needs to establish the end user's identity.

3. Google user data

When an end user signs in with Google through the MyAPI authentication API, MyAPI requests only the openid, email, and profile scopes. We use this data solely to:

MyAPI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, we do not sell it, we do not transfer it to others except to deliver the sign-in to the customer application that requested it or as required by law, and we do not use it to train any models.

4. What we do with it

We do not train models on your data, sell personal data, or use request content for marketing.

5. Retention

6. Subprocessors

The Service runs on third-party infrastructure that processes data on our behalf:

End-user sign-in additionally involves the identity provider the end user chooses (for example, Google), governed by that provider's own privacy policy.

7. Your rights

If you are an end user of a customer's application, the customer is the controller of your data; please direct access or deletion requests to them, and we will assist them as processor. For direct customer requests, write to simon@myapihq.com with the account or API-key identifier and the right you wish to exercise. We respond within 30 days.

8. Security

9. Changes

We will notify customers of material changes to this policy at least 30 days before they take effect, by email to the account contact on file.

10. Contact

Operator: X80 Pte. Ltd. (Singapore)   Email: simon@myapihq.com