
Security & Compliance

NoVirusThanks is a small IT company based in Perugia, Italy, and we are committed to protecting your privacy. With this in mind, we have designed APIVoid to adhere to a privacy-first principle, ensuring the utmost care and consideration for your personal data. We have no interest in collecting unnecessary or sensitive data about our customers. Our business model is based on paid APIVoid subscriptions, not on your customer account data. Our service dashboard only requires and stores your email, password, and IP address, which are used to display your login history and other security- or account-related activities. No additional data — such as your name, surname, address, credit card information, payment details, or other personally identifiable information (PII) — is stored in our system.

Who handles payments and invoices

We have engaged well-known, ISO 27001- and SOC 2 Type 2-certified third-party subprocessors for functionality related to payments, credit card management, invoicing, refunds, and related processes. We have partnered with Paddle (based in the UK), our new merchant of record, to handle automated payments, invoices, taxes, refunds, and subscriptions. Additionally, we may occasionally use Stripe (based in the US) for certain custom payments, or, in specific cases, PayPal (also based in the US). To manage our company quotes, invoices, and taxes, we may use a third-party tax management platform named Fatture In Cloud (from MadBit Entertainment S.r.l.), and we may store your company details there if you received a quote or invoice directly from our company. Our tax accountant may also access, process, or store the data we save in the Fatture In Cloud platform.

Where your account data is hosted

Our service dashboard and your customer account data are hosted exclusively on the Google Cloud Platform, which is ISO 27001- and SOC 2 Type 2-certified, in the US regions. We recommend visiting Google Cloud's Trust Center page for more information about its security and compliance commitments. Your account data is stored in Google Cloud-managed databases that use TLS connections and are encrypted at rest with AES-256.

How we store your account password

When you create an account on our service, we always store your password in the database in an encrypted format, using proven secure hashing algorithms (excluding insecure and easily crackable hashes such as MD5 or SHA*). These algorithms are implemented with a high iteration cost to ensure longer hashing times and increased security. Additionally, we enforce a password policy requiring your password to be at least 15 characters long and to include symbols, alphanumeric characters, as well as both uppercase and lowercase letters. For additional security, we also provide two-factor authentication (2FA) for your account.

Where our API services are hosted

To operate our API services, we primarily use Google Cloud Platform, hosted in the US region. For some specific API services and functionalities, we may use a combination of cloud hosting providers based in the US and EU, including Hetzner Online GmbH, located in Germany. You can refer to our subprocessors list on our website for additional information. All the cloud and hosting providers we use operate in facilities with top-tier physical security, strict access controls, and hold either ISO 27001 or SOC 2 Type 2 certifications.

How we securely encrypt your data

All data in transit is always encrypted using HTTPS and TLSv1.2+; no data is ever transmitted unencrypted across our servers, networks, or systems. We use Google Cloud Platform-managed databases to securely store all the data related to your user account. These databases are encrypted at rest with AES-256 encryption by default, and they enforce secure TLSv1.2+ encryption for all incoming and outgoing connections.

We enforce 2FA on every subprocessor

On every third-party subprocessor we use to run our service, we have enabled two-factor authentication (2FA) as an additional layer of security for our company accounts. Additionally, every team member is required to use 2FA. We always use strong passwords that are 64+ characters long and include symbols, alphanumeric characters, as well as both uppercase and lowercase letters. Where possible, we also implement IP whitelisting to ensure that only our company IP addresses can access the accounts.

Who has access to your account data

The customer account data is securely stored in the cloud on Google Cloud Platform. We minimize the data accessible to our people and systems, ensuring they can only access the information strictly necessary to perform their job. We enforce strict access controls, allowing only verified and authorized personnel to access your user account data—and only for valid reasons, such as resolving account-related issues (e.g., if you request a password reset, assistance with login issues, or a change to your account email address). As part of our rigorous data protection strategy, none of the devices used by our team—including laptops, desktops, and external drives—store customer data in any form.

How we secure our working environment

All business computers and external storage devices used by our team are encrypted at rest, ensuring that data stored locally is protected by industry-standard encryption protocols. These devices are secured with strong, complex passwords that follow strict internal security policies, significantly reducing the risk of unauthorized access. Importantly, no customer data is ever stored on employee devices, adding an extra layer of data protection. Furthermore, we do not maintain any physical servers within our office premises. This strategic decision significantly minimizes the risk of data exposure in the event of a physical intrusion or theft, and ensures that all sensitive operations and data are consistently handled in secure, cloud-based environments with robust access controls and continuous monitoring.

Security audits and assessments

We use well-known vulnerability scanning tools to perform regular scans of our systems and network, ensuring potential risks are detected and addressed promptly. When a vulnerability is found or a manual update is required, we act as quickly as possible—on average within 8 hours. While no system can be considered 100% secure against attackers, we adhere to the best security standards to safeguard our systems from unauthorized access. Additionally, we are committed to transparent communication and will promptly inform users of any data breaches or security incidents that could impact their data or services.

Commitment to data security

While we don’t currently hold formal certifications such as SOC2 or ISO 27001, we diligently follow industry best practices to safeguard our customers' information. As part of our commitment to regulatory compliance, we adhere to the General Data Protection Regulation (GDPR) principles, even for customers outside the EU. This means we prioritize minimizing the data we collect and process, ensuring we only retain what is absolutely necessary to provide our services, thereby limiting the exposure of sensitive information. All customer account data is hosted on servers and managed databases within Google Cloud Platform's U.S. regions, which are designed to meet stringent security standards. Data is encrypted at rest, and all data in transit is securely encrypted using advanced protocols (TLSv1.2+).

Our data retention policy

We aim to delete your APIVoid account data as soon as it is no longer needed or when you request us to delete your account data (make sure you do not have any unpaid overages before requesting account deletion). The less data we store about you, and for the shortest period of time, the better. As mentioned earlier, we designed our service and dashboard to store on our systems as little data about you as possible—just your email, password, and IP address. Please note that we cannot remove payment, quote, and invoice-related data created and stored on Paddle (our merchant of record), as Paddle is responsible for managing that type of data. The same applies to payments, quotes, and invoices created through Stripe or PayPal. This also applies to custom payments, quotes, and invoices issued directly by our company, as our tax manager must retain this data to comply with Italian tax laws.

Last updated on February 10, 2025
