Privacy Policy

This Privacy Policy explains how CandycornDB collects, uses, stores, and protects data related to users of our API services and website. Our audience includes developers, businesses, and security professionals — we believe you deserve straight answers, not legalese.

1. Data We Collect

• IP Addresses: Submitted to our API for risk scoring. These are processed transiently to generate a risk score.
• Authentication Info: Email address, plan tier, usage counts, and API timestamps required to maintain your account.
• Diagnostic Metadata: Error logs and performance headers used to prevent abuse (DDoS protection) and improve uptime.

2. How We Use Data

We use the data we collect solely for operational purposes:

• To deliver accurate, real-time IP intelligence scoring.
• To maintain service uptime (99.9%) and API performance.
• To prevent abuse, fraud, and API key sharing.
• To improve our subnet clustering models (anonymized aggregation).

3. Data Retention

IP Log Data: Raw API logs are retained for 30 days for debugging and then permanently purged.

Account Data: Retained for the lifetime of your account. If you delete your account, your data is wiped from our primary database immediately and from backups within 14 days.

4. Security Practices

• Encryption: All data in transit is encrypted via TLS 1.3.
• Access Control: Internal access to user data is restricted to engineering staff with 2FA-enabled accounts.
• Infrastructure: Hosted on SOC2-compliant cloud infrastructure (DigitalOcean / AWS).

5. Compliance (GDPR & CCPA)

CandycornDB acts as a Data Processor. We process IP addresses on behalf of our customers. We do not sell data to third parties.

You have the right to request access, correction, or deletion of your personal data at any time.

6. Contact Us

If you have specific security questions or need to submit a DPA (Data Processing Agreement) for review, please contact our team.

Email: support@candycorndb.com