← Back to Holistic Quality

Data Policy

Last updated: March 2026

This policy covers how Holistic Quality LLC collects, stores, and uses data across the HQ ecosystem — with specific detail on the ALETHEIA API (api.aletheia.holisticquality.io).

The Short Version

We collect the minimum data required to operate the service. We do not sell it, share it with advertisers, or build profiles on you. Your API usage is yours.

What We Collect

For ALETHEIA API subscribers:

• Email address — provided at checkout via Stripe. Used only to deliver your API key and service communications.
• API key — a randomly generated token stored in our database, linked to your email and subscription tier.
• Daily request count — an integer counter per key per day, used solely for rate limiting. Resets at midnight UTC. No request content is stored.
• Stripe customer ID — stored to handle subscription cancellations. We never see or store your full card number.

For all visitors:

• Vercel Analytics — anonymous page view data (no cookies, no fingerprinting, no cross-site tracking). We use this only to understand which pages are useful.

What We Do Not Collect

• The content of your API requests or responses
• IP addresses (beyond what Vercel infrastructure logs transiently)
• Browser fingerprints or device identifiers
• Behavioral data for advertising or profiling
• Any data about the end-users of applications you build with our API

How Data Is Stored

• API keys and usage counters — stored in Upstash Redis (encrypted at rest, hosted on AWS us-east-1). Rate limit counters expire automatically after 24 hours. Keys persist until your subscription is cancelled.
• Payment data — managed entirely by Stripe. Holistic Quality LLC stores only a Stripe customer ID and your email address.

Third-Party Services

We use the following services. Each has been selected because they handle data responsibly:

• Stripe — payment processing. Stripe Privacy Policy →
• Upstash — serverless Redis for key storage and rate limiting. Upstash Privacy Policy →
• Vercel — hosting and infrastructure. Vercel Privacy Policy →
• Resend — transactional email delivery (API key delivery only). Resend Privacy Policy →

We do not use Google Analytics, Meta Pixel, or any advertising network.

Data Retention

• Active subscribers — email and API key stored for the duration of your subscription.
• Cancelled subscriptions — your API key is deactivated. Email and key records are retained for 90 days for dispute resolution, then deleted.
• Rate limit counters — expire automatically after 24 hours. No historical usage data is retained.

What We Will Never Do

• Sell your data to third parties
• Share your email with advertisers or data brokers
• Use your API usage patterns to build advertising profiles
• Monetize your data in any form other than the subscription you paid for

Your Rights

• Access — request a full export of data we hold about you
• Deletion — request complete removal of your email and API keys at any time
• Portability — your data in JSON on request
• Correction — update your email address by contacting us

To exercise any of these rights, email privacy@holisticquality.io. We respond within 5 business days.

Contact

Questions about this policy or how we handle your data:
privacy@holisticquality.io
Holistic Quality LLC · Ohio, USA