🚀 Experience the new and improved APIVoid! Check out what's new
At APIVoid, we prioritize your privacy and are committed to minimizing the data we collect about you. We strive to be transparent about the data we store, the reasons for collecting it, and how it is used. Below, we have outlined some important sections in detail to help you easily understand what data we save, how it is processed, and by whom.
When you visit our website using a web browser or another application, we collect and store certain data, including your IP address, the web pages you visit, your user agent string, and other browser-related information. These logs are standard practice for most websites. We use web servers such as Nginx, Apache, and potentially others, to operate our websites, and these servers automatically log web requests. This data is primarily used for: [1] debugging purposes, to troubleshoot client-side and server-side issues (such as 404 or 502 errors); [2] security purposes, such as identifying potential web attacks, detecting and mitigating abuse (e.g., excessive requests from a single IP address), and ensuring the website’s stability. Web server logs are typically retained for 90 days, after which they are automatically deleted. This data may be stored across different cloud hosting providers, including Google Cloud Platform (located in the US) and Hetzner Online GmbH (located in Germany). For more information on hosting providers we use, please refer to our subprocessors list.
We aim to save as little information as possible when you create an account to use our service. Our system is designed to store only the strictly necessary data, which includes your IP address, email address, and password (encrypted). These details are essential for account creation. You will need to verify your email address to activate your account; any account with an unverified email address will be automatically deleted after 15 days. We use your email address for account-related notifications, such as password reset requests or important updates about your account. The IP address, recorded when you create an account and at each login attempt, is primarily used for security purposes. This helps us identify and prevent activities such as abuse, attacks on our service, or attempts to create duplicate accounts. Your password is stored in an encrypted format using strong encryption methods and computationally intensive iterations to enhance security and protect against cracking attempts. It is used for account authentication along with your email address. All account-related data is securely stored on the Google Cloud Platform (located in the US) and will be retained for as long as your account remains active on our service.
By default, we do not handle payments or invoices directly. Instead, we designed our system to utilize a third-party merchant of record and payment service, Paddle Market Limited (located in the UK), to fully manage payments and invoices for automated monthly and yearly subscriptions. By using our service, you acknowledge that Paddle handles all payments and invoices and that they will process and store the data you provide during the payment process in accordance with their privacy policy. Paddle is a well-known merchant of record, certified with SOC2 Type 2, PCI, and GDPR compliance. You further acknowledge that we can access your data via the Paddle dashboard since they share this information with us. This allows us to verify orders placed through our service and view any details you provided to Paddle during your purchase of our subscription or service. In specific cases, such as for custom contracts or Enterprise plans, we may use Stripe (located in the US) for payments and occasionally PayPal (also located in the US). If you request a quote from us or make a direct payment to our company bank account or credit card, your data will be processed and stored by our tax accountant and the platform Fatture In Cloud by MadBit Entertainment S.r.l. (located in Italy), which we use to create quotes and manage invoices issued directly by our company.
We have minimal interest in your data and even less interest in sharing the limited information we store. The data we collect and store in our systems, such as web server logs, email addresses, and IP addresses used to create accounts, is primarily used internally and for security purposes. However, in certain circumstances, you acknowledge and accept that we may need to share your information with law enforcement or cybersecurity agencies. These circumstances include: if we have reason to believe a website visitor has attempted an attack on our services; if a registered user has provided invalid, fraudulent, or fake information (e.g., a disposable email address) during account creation; if a customer is using our services to engage in unethical or illegal activities that could harm our services, our company, or third-party businesses. Additionally, you acknowledge that we may be legally obligated to provide information about visitors or customers to law enforcement agencies in specific situations and that we are required to comply with such laws.
By default, our APIs process requests in real time and do not permanently retain submitted data, except as described below. For the Domain Age API, Domain Info API, and similar services, we may cache publicly accessible domain WHOIS data to improve performance and reduce upstream query load. The retention period for this WHOIS cache depends on data volatility and technical requirements. Cached data is stored internally and is not shared with third parties. Some APIs (e.g., screenshot rendering services) may temporarily log technical error information for debugging and service improvement purposes. Where APIs operate using sessions, we may temporarily store session data and the resulting JSON report, typically for a few hours and in any event no longer than 30 days, to enable status checks and report retrieval. During periods of high system load, our infrastructure may also temporarily cache specific API requests or responses to improve performance and stability; such caching is automated and retained for no longer than 24 hours.
Certain services (e.g., the IP Reputation API) may forward submitted indicators (such as IP addresses or domain names) to third-party reputation or threat intelligence providers integrated into our platform. Such forwarding is limited to what is necessary to provide the requested analysis. These providers act as independent data controllers under their own privacy policies, and customers are responsible for ensuring they have an appropriate legal basis to submit indicators. For debugging and security purposes, we may temporarily store API request metadata (including IP address, endpoint URL, and request/response headers, but not JSON payloads or response bodies) on Google Cloud Monitoring and Logging in US and EU regions for up to 30 days. Google Cloud acts as our data processor under its standard Data Processing Addendum incorporated into the Google Cloud Terms of Service. We may also retain limited information about recent API activity (such as endpoint, submitted indicator, and timestamp) for up to 30 days to enable customer access to request history and for security, abuse prevention, and service integrity purposes. This data is stored internally and is not shared with third parties. The data submitted through our APIs is not reused for training, AI modeling, enrichment, cross-customer correlation, marketing, analytics, profiling, or resale. We do not combine or correlate submitted data across different customers. When processing submitted data, we act as a data processor on behalf of the customer. For infrastructure logging, caching, and service security operations, we act as an independent data controller solely for service operation, security, and abuse prevention purposes.
In the Cybersecurity Tools web page we provide various security, analysis, and productivity tools for visitors. For many of these tools, data processing occurs client-side within the user’s web browser, and data entered is not transmitted to or stored on our servers. For certain tools that perform server-side analysis (including, but not limited to, Domain Reputation Check, Domain Age Check, and Website Trust Score Check), submitted indicators such as domain names, URLs, or IP addresses are transmitted to our systems for the sole purpose of performing the requested analysis. The analysis results are generated on-the-fly and displayed directly to the user. We do not maintain a public database of submitted indicators or generated reports, and we do not permanently store analysis results. Temporary technical caching or transient processing may occur for performance, security, or abuse-prevention purposes, and any such data is retained only for a limited period not exceeding 24 hours. Some tools may generate automated screenshots of publicly accessible web pages as part of the analysis process. Screenshots are created programmatically at the time of the request and are displayed to the user as part of the analysis results. We do not modify, curate, or control the content displayed on the submitted website. The display of a screenshot does not imply endorsement, affiliation, authorship, or ownership of the referenced website or its content. When operating these web-based tools, we act as an independent data controller. Please also refer to the Website Scanning Policy for additional information regarding the scope and principles of our website analysis services.
Data related to website visitors (e.g., web server logs) is primarily stored on Google Cloud Platform (located in the US) and Hetzner Online GmbH (located in Germany). In some cases, this data may also be stored with other cloud hosting providers. Please refer to our subprocessors list for additional details. Data related to customer accounts on our service is stored entirely on Google Cloud Platform (US). The third-party hosting providers we use adhere to top-tier security standards, implement strict access controls, and are certified under ISO 27001 and/or SOC 2 Type 2. They also comply with GDPR regulations. The data we store when you visit our website or create an account is retained temporarily, as described in the sections above. You may request us to delete your account data, including your email address, IP address, and password associated with your customer account. Upon verifying that the request is from you, we will fully delete this data within 30 days. However, please note that we may not be able to delete data processed and stored by third-party subprocessors, such as payment-related information handled by Paddle or Stripe.
To operate our service, we rely on well-known, trusted, and verified third-party subprocessors. For example, we use Google Cloud Platform (US) for hosting purposes and ActiveCampaign, LLC (Postmark) to send transactional emails to your email address, such as email verification messages. You can visit the subprocessors page to find a complete list of subprocessors we use, their purposes, and their locations. To better understand what data about you is processed by our subprocessors, here is a detailed and comprehensive recap:
Data related to website visitors (such as web server logs) and customer accounts is stored on cloud hosting providers like Google Cloud Platform and Hetzner Online GmbH. Data submitted through our APIs is processed on cloud hosting providers such as Google Cloud Platform. When we need to send you an email in an automated way, we may use transactional email providers such as ActiveCampaign, LLC (Postmark). For managing newsletters, we use services like Brevo (formerly Sendinblue), meaning your email address will be processed and stored on these platforms. Automated subscriptions and payments are handled by payment processors such as Paddle or Stripe, which may process and store personally identifiable information and payment-related details about your purchases. We use tax and invoice management services such as Fatture In Cloud (from MadBit Entertainment S.r.l.) to manage company quotes, invoices, and taxes. If you received a direct quote or invoice from us, your data may be processed and stored on this platform. To provide customer support, we use services like Zendesk, where emails are converted into tickets. This means your email address and messages are processed and stored on these third-party customer support systems. To prevent abuse of our service and to protect web forms, we use captcha systems such as CaptchaFox, which may process your IP address and browser data.
As wrote before, you can find the full list of subprocessors we use on our subprocessors page. We adhere to the principle of data minimization and carefully engage data processors only when it is strictly necessary to efficiently operate our services.
On our website and services, we use cookies primarily to identify you as a registered user or returning visitor, for security purposes, and to store service-required information. These cookies are used solely to provide you with an exceptional service and enhance the usability of the website. Some subprocessors we use to operate our service may also save cookies on your browser for security, debugging, and other standard purposes. For example: CaptchaFox may store cookies to verify if you correctly complete a CAPTCHA; Paddle may store cookies to improve your purchase experience and for security purposes; Stripe and PayPal may store cookies for similar reasons as Paddle, ensuring a seamless purchase experience and security; Zendesk may save cookies if you contact us through their web form. We strive to minimize the use of third-party cookies wherever possible. However, some subprocessors require cookies to ensure the proper functioning of their services, which are integral to our platform. Additionally, we use a cookie-free service, Fathom Analytics, to track visitors while fully respecting your privacy and avoiding any form of personal tracking. You can opt out of certain cookies through your web browser settings. Most browsers allow you to block cookies from specific domains if desired. However, to ensure the proper functioning of our website and services, we recommend enabling cookies in your browser. Please note that some features of our services, such as the dashboard, may not work correctly if cookies are blocked.
We respect our customers’ brand identity and understand the importance of how company names and logos are used. We will never use your company name, logo, or other brand assets for marketing, promotional, or public reference purposes without your prior written consent. In some cases, with explicit permission, we may display a customer’s company name or logo on our website, such as on our homepage, marketing materials, or signup pages, for the sole purpose of identifying them as a customer of our services. Any such use is done only after receiving clear authorization from the customer and strictly in accordance with the agreed terms. If permission is granted, you may request at any time that your company name or logo be updated or removed, and we will promptly comply with such requests. If no permission has been provided, your company name and logo will remain confidential and will not be disclosed or displayed publicly in any form. This policy applies to all current and former customers and reflects our commitment to transparency, trust, and respect for your brand.
We use the email address you provide when creating a customer account on our service to: [1] send you important information related to your account; [2] provide you with exceptional service; [3] share newsletters about our service or company projects. We value your privacy and will never sell or share your email address with third parties. You can opt out of receiving newsletters at any time. However, you cannot opt out of important account-related notifications, such as password reset emails, which are necessary to maintain your account security. When you create an account, your email address will be added to our newsletter subscription list, managed through our subprocessor Brevo (formerly Sendinblue), located in France. You can opt out of this at any time after receiving the first newsletter. Newsletters allow us to send you service-related updates, such as notifications about new product versions or significant updates that may be of interest to you.
Last updated on February 15, 2026
Create your account, pick a subscription plan, and make your first API call instantly with your API key—simple as that!
Get started now