// LEGAL

Privacy Policy

Last updated: April 1, 2026

1. Introduction

EdgeAPI Labs B.V. ("EdgeAPI," "we," "us," or "our") operates the EdgeAPI platform, a serverless edge functions service available at edgeapi.date and related subdomains. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our website, create an account, or use our services.

We are committed to handling your data with the same care we apply to our infrastructure: minimally, transparently, and with strong technical guarantees. If you have any questions, contact us at privacy@edgeapi.date.

2. Information We Collect

We collect three categories of information.

2.1 Account Information

When you create an account, we collect your name, work email address, password (hashed using Argon2id), company name, and optional GitHub username. If you connect a third-party identity provider (Google, GitHub), we receive the email address and OAuth identifier from that provider.

2.2 Service Usage Data

When you deploy and run functions on EdgeAPI, we collect operational metadata required to deliver and bill the service:

  • Function source code, configuration, and environment variables you upload
  • Deployment metadata: project name, region selections, runtime version, build logs
  • Execution telemetry: request count, CPU time, memory peak, error rate, response status codes
  • Logs you choose to emit from your functions (retained per your plan's retention policy)

We do not inspect the contents of HTTP request bodies passing through your functions. Function execution is isolated from our control plane by design.

2.3 Cookies and Telemetry

Our marketing website uses essential cookies for session management and a privacy-friendly analytics provider (Plausible Analytics, self-hosted) that does not use third-party cookies, fingerprinting, or cross-site tracking. We do not use Google Analytics, Facebook Pixel, or similar tools.

3. How We Use Information

We use the information we collect to:

  • Provide, operate, and improve the EdgeAPI platform
  • Process payments and prevent fraud
  • Communicate with you about service updates, security advisories, and incidents affecting your deployments
  • Provide customer support when you contact us
  • Comply with legal obligations under Dutch and EU law

We do not sell your personal data. We do not use your function code, logs, or metadata to train machine learning models. Your code is your IP — we do not claim any rights to it beyond what is strictly necessary to execute it on our infrastructure.

4. Sharing and Disclosure

We share personal data only in the following limited circumstances:

  • Subprocessors: We use a small number of vetted subprocessors (payment processor, transactional email, error tracking, hosted analytics). A current list is available on request.
  • Legal compliance: When required by a valid legal request (court order, subpoena), and only after we have evaluated the request for legitimacy and minimized our response.
  • Corporate transactions: In connection with a merger, acquisition, or sale of assets, in which case we will notify you in advance.

We do not share your function code, logs, or execution data with any third party for advertising, analytics, or any other commercial purpose.

5. Data Retention

We retain personal data only for as long as necessary to provide the service:

  • Account data: retained while your account is active and for 90 days after deletion to allow recovery
  • Function logs: retained according to your plan (Hobby: 24 hours; Pro: 7 days; Team: 30 days; Scale: configurable up to 365 days)
  • Billing records: retained for 7 years to comply with Dutch tax law
  • Backups: rotated automatically within 35 days

6. Your Rights

If you are located in the European Economic Area, the United Kingdom, or California, you have specific rights regarding your personal data, including the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion ("right to be forgotten")
  • Request portability of your data in a machine-readable format
  • Object to processing or request restriction of processing
  • Withdraw consent at any time (without affecting the lawfulness of processing carried out before withdrawal)
  • Lodge a complaint with a supervisory authority (in the Netherlands: Autoriteit Persoonsgegevens)

To exercise any of these rights, email privacy@edgeapi.date. We respond within 30 days.

7. International Data Transfers

EdgeAPI is headquartered in the Netherlands and operates infrastructure across multiple regions, including the United States, EU, UK, Singapore, and Japan. When personal data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional technical measures including end-to-end encryption.

For US transfers specifically, we self-certify under the EU–US Data Privacy Framework where applicable, and otherwise rely on SCCs.

8. Security

We protect personal data through layered technical and organizational measures:

  • All data encrypted in transit using TLS 1.3 and at rest using AES-256-GCM
  • Function execution isolated using V8 isolates and WASM sandboxes
  • Secrets encrypted with envelope encryption; decryption keys never leave HSM
  • Annual SOC 2 Type II audits by an independent firm
  • Quarterly penetration testing by external red teams
  • Hardware security keys required for all employee access to production
  • Background checks for all employees handling customer data

9. Children's Privacy

EdgeAPI is intended for use by businesses and individual developers aged 16 and older. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email and a notice on our website at least 30 days before they take effect. The "Last updated" date at the top of this policy reflects the most recent version.

11. Contact Us

For questions about this Privacy Policy or our data practices, contact our Data Protection Officer at:

EdgeAPI Labs B.V.
Attn: Data Protection Officer
Herengracht 510, 1017 CC Amsterdam
The Netherlands
privacy@edgeapi.date