This Privacy Policy describes how IsValid (“we”, “us”, or “our”) collects, uses, and protects information when you use the IsValid API and associated services (collectively, the “Service”). By using the Service you agree to the practices described in this policy.
1. Data We Collect
Account data. When you register, we collect your email address and a hashed password. We do not store payment card data — payments are handled by our payment processor.
API request data. Each call to the IsValid API transmits a value to be validated (for example, an IBAN, email address, or phone number) together with the validator type and your API key. We log metadata about each request (timestamp, validator type, response time, HTTP status) for billing, quota enforcement, and service monitoring. The submitted values themselves are not stored persistently — they are used solely to perform the validation and are discarded after the response is returned.
Usage data. We collect aggregate statistics (total requests per day, error rates, latency) tied to your account for the purpose of displaying usage information in your dashboard and enforcing plan limits.
Technical data. Standard server logs include IP addresses, HTTP method, path, and User-Agent. These are retained for up to 30 days for security and abuse-prevention purposes.
2. How We Use Your Data
- To provide and operate the validation Service
- To enforce rate limits and plan quotas
- To display usage statistics in your account dashboard
- To send transactional emails (account creation, quota warnings, password reset)
- To detect and prevent abuse, fraud, and security incidents
- To improve the accuracy and performance of validators
We do not sell your data to third parties. We do not use submitted field values for advertising or profiling.
3. WordPress Plugin
The IsValid – Data Validation WordPress plugin sends user-submitted field values from your WordPress site to the IsValid API (api.isvalid.dev) for real-time validation. This transmission occurs server-side — the end user's browser communicates only with your WordPress server, not directly with our API.
The plugin does not store submitted field values in the WordPress database. Caching (if enabled by the site administrator) stores only the validation result (valid/invalid) keyed by a hash of the value — not the value itself in plain text.
As a WordPress site administrator using this plugin, you are responsible for informing your site visitors that their input may be validated against an external API, in accordance with applicable data protection laws (such as GDPR).
4. Data Retention
Submitted validation values are not stored persistently and are discarded immediately after the API response is returned.
Request metadata (type, timestamp, status) is retained for the duration of your account plus 90 days after account deletion.
Server logs are retained for up to 30 days.
Account data is retained until you delete your account or your account is removed under our inactive account policy.
5. Data Sharing
We do not sell or rent your personal data. We may share data with:
- Infrastructure providers — cloud hosting and database providers under data processing agreements
- Payment processors — for billing; they receive only the information necessary to process your payment
- Law enforcement — when required by applicable law or to protect the rights, property, or safety of IsValid or others
6. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and associated data
- Object to or restrict certain processing
- Data portability (receive your data in a machine-readable format)
To exercise any of these rights, contact us at info@isvalid.dev. We will respond within 30 days.
7. Cookies
We use a session cookie to keep you logged in to the dashboard. We do not use tracking cookies or third-party advertising cookies.
8. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email at least 14 days before the new policy takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
9. Contact
For privacy-related questions or requests, contact us at info@isvalid.dev.