Privacy policy
Summary
InputGate is an inbound-filtering API. We handle two distinct categories of personal data:
- Account data — your email and authentication identifier, used to give you access to the service.
- Submission data — the content and IP addresses your end-users submit through your forms, which you forward to us for spam analysis on your behalf.
For submission data, your default retention setting is "flagged_only": we score the submission, immediately discard the fields and IP if it's clean, and only retain content for submissions flagged as spam (for review). You can override this to "none" per request to prevent any retention of submission content.
1. Who we are
This policy applies to InputGate (the "Service") operated by FreeMan LLC ("we", "us", "our"), with a registered office at Spokane, WA 99201, USA.
For data-protection inquiries, contact our Data Protection point of contact at [email protected].
2. Data we collect
2.1 Account data (you)
| Category | Source | Why we have it |
|---|---|---|
| Email address | You provide it at sign-up | Authentication, billing, transactional notices |
| Authentication identifier | Clerk (our auth provider) | To recognise you between sessions |
| Plan & billing identifier | You / Stripe | To bill the correct plan |
| API key hashes | Generated by the service | To authenticate API requests (we store only SHA-256 hashes, never raw keys) |
| Usage counters | Auto-generated per API call | To enforce monthly quotas |
2.2 Submission data (your end-users, processed on your behalf)
When you call POST /v1/check, you forward us:
- The fields object — text values your end-user typed (e.g. name, message, email).
- The end-user's IP address (
client_ip) — used for geo-filtering and reputation checks. - Your domain and optional source label — for your own log organisation.
Whether and for how long we retain submission content is controlled by you via the retention parameter — see §5 Retention.
3. Purposes & lawful basis
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Operating your account & processing API calls | Performance of contract |
| Billing & tax compliance | Performance of contract / legal obligation |
| Filtering spam on behalf of customers (submission data) | Legitimate interest of the customer; we process as processor under the DPA |
| Maintaining quota counters | Legitimate interest (billing accuracy) |
| Security & abuse prevention | Legitimate interest |
| Transactional emails (quota alerts, security notices) | Performance of contract |
4. Retention
4.1 Submission data — your choice, per request
The retention parameter on every /v1/check request controls retention of submission content:
"none"— submission content and IP are processed in memory and immediately discarded. Only an anonymised quota row is kept."flagged_only"(default) — content is retained only for submissions our model flagged as spam, for review purposes. Clean submissions store metadata only."full"— all submission content is retained.
Where content is retained, it is automatically deleted after 30 days by default, or after the retention window configured on your account (Scale plan and above). The deletion runs daily.
4.2 Account & billing data
Retained for the duration of your account and for up to 7 years after closure, as required by tax and accounting regulations in our jurisdiction.
4.3 Backups
Encrypted backups are rotated on a 30-day cycle. Erasure requests are honoured against live systems immediately; backup data containing erased records is overwritten in the normal rotation.
5. Sharing & sub-processors
We do not sell personal data. We share data only with the following sub-processors, each bound by a written data-processing agreement:
| Sub-processor | Role | Location |
|---|---|---|
| Cloudflare, Inc. | Edge compute, database (D1), object storage (R2), hosting | Global edge; primary regions configurable |
| IPinfo.io | GeoIP lookups on client_ip | USA |
| Clerk | Authentication identity provider | USA |
| Stripe | Payment processing | USA / EU |
We do not transfer submission content to any sub-processor other than as required to operate the service. The current list is maintained at inputgate.cloud/sub-processors; material changes are notified by email at least 30 days in advance.
6. International transfers
Where personal data is transferred outside the EEA/UK, we rely on Standard Contractual Clauses (SCCs) and, where applicable, additional safeguards such as transit encryption and pseudonymisation. EU-only deployment is available on the More plan — contact us.
7. Your rights under GDPR & UK GDPR
If you are a data subject in the EEA, UK, or another jurisdiction with similar rights, you may:
- Access — request a copy of your personal data.
- Rectification — correct inaccurate data.
- Erasure — request deletion. For end-user submission data, your customer can use
POST /v1/erasureprogrammatically; we honour the audit-logged result. - Portability — receive your account data in a machine-readable format.
- Restriction & objection — limit or object to certain processing.
- Lodge a complaint — with your local supervisory authority.
To exercise any of these rights, email [email protected]. We respond within 30 days.
8. Security
We apply technical and organisational measures appropriate to the risk:
- TLS 1.2+ for data in transit.
- Encrypted-at-rest storage (Cloudflare D1, R2).
- API keys stored as SHA-256 hashes only.
- Bearer-token authentication with rate limiting and quota enforcement.
- Audit logging for sensitive operations (erasure, key rotation, plan changes).
- Sub-processors reviewed before onboarding and re-assessed annually.
- Documented breach-notification process (72 hours to authority / without undue delay to customers).
9. Cookies
The InputGate API does not set cookies. The InputGate dashboard uses essential cookies for authentication (via Clerk) and CSRF protection. We do not use advertising, tracking, or analytics cookies that share data with third parties.
10. Children
InputGate is a B2B service not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have, contact us and we will delete the data.
11. Changes to this policy
We will notify you by email of material changes at least 30 days before they take effect. Non-material changes (typos, clarifications) may be made without notice; the "Last updated" date at the top reflects the most recent revision.
12. Contact
Data Protection point of contact: [email protected]
General: [email protected]
Postal: FreeMan LLC, Spokane, WA 99201, USA