Privacy Policy
Last updated: July 10, 2026
What we store
- Email address — for OTP authentication and notifications
- Session ID — cookie, valid 90 days with sliding refresh
- Transaction history — required for billing audit
- Job history — your past tasks (URLs, results, downloads)
- IP address & user agent — last 7 days, for security/abuse detection only
What we DON'T store
- No tracking pixels, no Google Analytics, no third-party scripts loading from your dashboard
- No fingerprinting
- No selling of data — your email and usage stays with us
- We never send marketing email beyond service notifications you opt into
Cookies
Only one cookie: restoapi_sid, httpOnly, Secure, SameSite=Lax. No advertising cookies, no analytics cookies. There's a temporary pending_email cookie during the OTP flow (cleared after verify).
GDPR — your rights
EU residents (and everyone, really) can:
- Access — request a copy of all data we have on you (within 30 days)
- Delete — request deletion of your account and all linked data
- Correct — update your email or other profile info
- Object — opt out of email notifications anytime (in settings)
Send any request to support@restoapi.org.
Data location
Our servers are in Europe. Data is encrypted at rest and in transit (HTTPS-only).
Third parties
We use:
- Beget — email delivery for OTP and notifications
- Stripe (coming v2) — payment processing
- Source platforms (Wolt, Google) — we fetch their public data on your behalf
Children
This service is not intended for users under 16.
Changes
Material changes to this policy will be emailed to active users at least 14 days before taking effect.
Questions? Write to support@restoapi.org.