Privacy Policy

How Wyzie Subs collects, uses, and protects your information.

Last updated: April 30, 2026

1. Overview

This Privacy Policy describes how Wyzie ("we", "us", or "our") collects and handles information when you use Wyzie Subs (the "Service"). Wyzie is operated by an individual based in the United States of America and serves as the data controller for all personal information collected through the Service. We are committed to collecting only the minimum data necessary to operate the Service. We do not sell your personal information to third parties.

2. Information We Collect

2a. Information you provide directly

  • Email address - collected at checkout (Stripe) or after a successful cryptocurrency payment. Used to deliver your API key, receipts, low-balance notices, top-up links, and depletion alerts. Email is the only contact channel we use for transactional communication.
  • Phone number - collected during Free plan phone verification solely for SMS OTP to prevent abuse. We store only a SHA-256 hash of the phone number, never the raw number; the hash lets us enforce one-key-per-person on the free tier without retaining the underlying identifier. The OTP code itself is hashed and destroyed on use or after 10 minutes. We do not use your phone number for marketing.
  • Auto top-up settings - if you opt in to auto top-up from your dashboard, we store the trigger threshold, the pack size, and your monthly spend cap. Your card details themselves are stored only by Stripe; we retain only the Stripe customer ID and payment method ID needed to charge you when your balance falls below the threshold. You can disable auto top-up at any time.

2b. Information collected automatically

  • API usage data - each API request is logged for the purpose of enforcing rate limits and calculating remaining request quota. Logs may include timestamps, endpoints called, and response codes.
  • Browser / device data - standard web server logs (IP address, browser type, referring URL, pages visited) may be retained for security monitoring and abuse prevention. This data is processed by Cloudflare as part of our infrastructure.

2c. Data stored in your browser

  • wyziePaymentId - stored in localStorage after checkout as a fallback reference for payment verification. Remains in your browser until cleared.
  • wyzieUserEmail - stored in localStorage after cryptocurrency payment to assist with order lookups. Remains in your browser until cleared.

Your API key is never stored in your browser by us. It is displayed once and it is your responsibility to save it securely. By using the Service, you consent to the use of localStorage for the functional items described above. These are not used for advertising or cross-site tracking; they exist solely to support payment verification and order lookup workflows.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To issue and manage your API key.
  • To process and verify payments via Stripe and NOWPayments.
  • To send transactional emails (API key delivery, usage alerts). We do not send marketing emails.
  • To enforce rate limits and detect abusive usage patterns.
  • To comply with legal obligations and protect the security of the Service.

4. Third-Party Services & Data Sharing

We share limited information with third parties only as necessary to provide the Service:

  • Stripe - processes card payments. Stripe may collect billing information and payment data directly. We receive only confirmation of payment and your email address. Stripe's privacy policy is available at stripe.com/privacy.
  • NOWPayments - processes cryptocurrency payments. Your selected currency and wallet address are handled by NOWPayments. We receive payment status and no wallet details. Their privacy policy is at nowpayments.io/privacy-policy.
  • Cloudflare - provides DNS, CDN, DDoS protection, Turnstile CAPTCHA, and Pages hosting. Cloudflare may process request metadata as part of this service. Their privacy policy is at cloudflare.com/privacypolicy.
  • Transactional email provider - your email address is shared with our transactional email delivery service to send your API key confirmation and usage notifications. This provider acts as a data processor on our behalf and does not use your email address for its own marketing purposes.
  • SMS verification provider - your phone number is passed to a third-party SMS verification service to deliver the one-time verification code for Free plan registration. It is not retained by us or used for any purpose beyond the verification transaction.

We do not sell, rent, or trade your personal information to advertisers or data brokers.

5. API Key Security & Your Responsibilities

Your API key is a secret credential. We display it once at issuance and email it to the address provided at checkout. After that, we do not have a way to recover it for you without regeneration. You are solely responsible for keeping your API key secure. If your key is exposed - for example by committing it to a public code repository, sharing it in a forum, or failing to restrict access - all requests made with that key are your responsibility. We will not reimburse, compensate, or restore request credits consumed through unauthorized use of a key that was not adequately secured by you.

6. Data Retention

We retain your email address and associated API key record for as long as your API key remains active, or until you request deletion. API usage logs are retained for up to 90 days for operational and security purposes, after which they are deleted or anonymized. Phone numbers collected for OTP verification are not retained beyond the verification session. You may contact us at [email protected] to request deletion of your data.

7. Security

We implement reasonable technical and organisational measures to protect the information we hold. All data in transit is encrypted via HTTPS. However, no system is completely secure. We cannot guarantee the absolute security of your information and are not liable for breaches that are outside our reasonable control, including breaches resulting from your own failure to secure your API key.

8. Children's Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access - request a copy of the personal data we hold about you.
  • Correction - request correction of inaccurate or incomplete data.
  • Deletion - request deletion of your personal data, subject to legal or operational retention obligations.
  • Restriction - request that we restrict the processing of your data pending a correction or objection.
  • Portability - receive your personal data in a structured, commonly used, machine-readable format.

To exercise any of these rights, contact us at [email protected]. We will respond to verifiable requests within 45 days. We may need to verify your identity before processing a request.

10. California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you additional rights:

  • Right to Know - the categories and specific pieces of personal information we have collected about you, the purposes for collection, and with whom we share it.
  • Right to Delete - request deletion of personal information we have collected, subject to certain exceptions (e.g., completing a transaction, security, legal obligations).
  • Right to Correct - request correction of inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale or Sharing - we do not sell or share personal information with third parties for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Personal Information - we do not use sensitive personal information (such as your phone number) for any purpose beyond what is described in this policy.
  • Right to Non-Discrimination - we will not deny you service, charge you a different price, or provide a different level of service for exercising your CCPA rights.

To submit a California privacy request, email us at [email protected] with the subject line "California Privacy Request". We will respond within 45 days as required by law.

11. Data Breach Notification

In the event of a data breach that is reasonably likely to result in harm to affected individuals, we will notify impacted users without unreasonable delay and in accordance with applicable US state breach notification laws. Notification will be sent to the email address associated with your account and will include: a description of the nature and scope of the breach, the categories of personal data affected, the likely consequences, and the measures we have taken or propose to take to address and mitigate the breach.

12. Limitation of Liability

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, WYZIE AND ITS OPERATORS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, GOODWILL, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR IN CONNECTION WITH ANY SECURITY BREACH OR ANY OTHER SECURITY INTRUSION. IN NO EVENT SHALL OUR TOTAL AGGREGATE LIABILITY TO YOU EXCEED THE AMOUNT YOU PAID TO US IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the revised policy.

14. Contact

For any privacy-related questions or data requests, contact us at [email protected] or via our contact page.