Privacy Policy

Last updated: April 2026

1. No personal data collection

xfinlink does not collect personal data. There are no user accounts, no email collection, no sign-up forms, and no authentication tokens. You use the API anonymously.

2. What we log

For rate limiting and aggregate analytics, each API request generates a log entry containing:

• An IP-derived hash (SHA-256, one-way — not reversible to your IP address)
• Request timestamp
• Tickers queried
• Response time (milliseconds)
• HTTP status code

These logs are used exclusively for enforcing rate limits and understanding aggregate usage patterns (e.g., which endpoints are most popular). They are never used to identify individual users.

3. No cookies or tracking

xfinlink does not use cookies, browser fingerprinting, tracking pixels, or any third-party analytics scripts. There is no Google Analytics, no Mixpanel, no Segment, and no advertising trackers on any xfinlink page or endpoint.

4. No data sales

We do not sell, rent, or share any logged data with third parties. Period.

5. Data retention

Raw API request logs are aggregated after 30 days into anonymous summary statistics (e.g., daily request counts per endpoint). The raw log entries are then deleted. Aggregated statistics contain no IP hashes or other identifiers.

6. GDPR compliance

xfinlink is designed to be GDPR-compliant by default. We minimize data collection, process only what is necessary for rate limiting, and do not store personally identifiable information. The one-way IP hashes we store cannot be reversed to identify you. If you believe any data we hold relates to you and wish to exercise your rights under GDPR, contact us and we will address your request.

7. Changes to this policy

We may update this policy as our practices evolve. Changes will be reflected on this page with an updated date.

8. Contact

Privacy questions? Email hello@xfinlink.com.