← Back to AirStream

Privacy Policy

Last Updated: February 5, 2026

1. Information We Collect

1.1 Account Information

When you create an account with AirStream, we collect:

  • Email address
  • First and last name
  • Any profile information you provide (optional)

This information is collected through Firebase Authentication and stored securely in our PostgreSQL database.

1.2 Authentication Data

  • Firebase-provided authentication tokens (JWT)
  • Authentication method used (email/password, social login, etc.)
  • Login history and timestamps

1.3 API Usage Data

To ensure fair use and provide billing transparency, we collect:

  • API endpoint requests you make
  • Query parameters and filters you use
  • Response sizes and response times
  • Number of results returned
  • Timestamps of each request
  • Your rate limit status and overages

This data is aggregated and used for:

  • Usage tracking for your subscription tier
  • Rate limiting enforcement
  • Analytics about API usage patterns
  • Billing calculations (if applicable)

1.4 Technical Data

  • Your IP address
  • User agent and browser type
  • Device information
  • Access logs

2. How We Use Your Information

2.1 Core Service Delivery

We use your information to:

  • Create and maintain your account
  • Authenticate your requests
  • Provide access to API endpoints
  • Process subscription and payment information
  • Enforce rate limits according to your subscription tier
  • Send you service notifications and updates

2.2 Analytics and Improvement

  • Analyze API usage patterns to improve performance
  • Understand which features are most used
  • Identify and fix technical issues
  • Optimize our infrastructure

2.3 Communication

  • Respond to support inquiries
  • Send account-related notifications
  • Notify you of service changes or outages
  • Share important security information
  • Comply with legal obligations
  • Enforce our Terms of Service
  • Investigate and prevent fraud or abuse
  • Protect the rights and safety of our users and service

3. Data Storage and Security

3.1 Where We Store Data

AirStream operates a microservices architecture with data stored in:

  • User Accounts: PostgreSQL database (as-main service)
  • API Usage Data: Redis (temporary) and PostgreSQL (persisted)
  • Authentication Tokens: Firebase Authentication
  • Subscription Data: LemonSqueezy (payment processor)

All servers are located in the United States.

3.2 Security Measures

We implement industry-standard security practices:

  • Encryption in Transit: All connections use HTTPS with TLS 1.2+
  • Encryption at Rest: Sensitive data is encrypted in our databases
  • Authentication: JWT tokens with secure signing algorithms
  • Access Control: API secret authentication for internal service communication
  • Rate Limiting: Redis-based rate limiting to prevent abuse
  • Regular Audits: Security reviews of our authentication and data handling

3.3 Data Retention

  • Account Data: Retained as long as your account is active
  • API Usage Data: Retained for 90 days in Redis, aggregated data retained indefinitely
  • Access Logs: Retained for 30 days
  • Deleted Accounts: Deleted upon request (within 30 days), except where legally required to retain

4. Firebase Authentication

AirStream uses Google Firebase for authentication. When you sign in:

  • Firebase handles your email and password securely
  • We receive a JWT token confirming your identity
  • Your password is never stored on our servers
  • Firebase’s privacy practices apply to authentication data

For more information, see Google’s Privacy Policy.

5. API Usage Data

5.1 Why We Collect It

API usage data helps us:

  • Enforce rate limits fairly based on subscription tier
  • Track usage for billing purposes
  • Provide transparency in your account dashboard
  • Maintain service quality and prevent abuse

5.2 What We Track

For each API request, we record:

  • Endpoint accessed
  • Timestamp
  • Response time
  • Query parameters
  • Number of records returned
  • Status code

5.3 Anonymization

  • Usage data is associated with your account ID
  • We do not share your personal usage data with third parties
  • Aggregated, anonymized usage statistics may be used internally

6. Your Rights

6.1 GDPR (European Residents)

If you are located in the European Union, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate information
  • Erasure: Request deletion of your data (“right to be forgotten”)
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a portable format
  • Objection: Object to processing for certain purposes

To exercise these rights, contact us at contact@airstreamdata.com.

6.2 CCPA (California Residents)

California residents have the right to:

  • Know: What personal information is collected
  • Delete: Request deletion of personal information collected from you
  • Opt-Out: Opt-out of selling/sharing of personal information (we don’t sell data)
  • Non-Discrimination: Not be discriminated against for exercising these rights

To exercise these rights, contact us at contact@airstreamdata.com.

6.3 Data Subject Requests

We will respond to valid data subject requests within 30 days. To submit a request:

  1. Email contact@airstreamdata.com
  2. Provide proof of identity
  3. Clearly specify your request (access, correction, deletion, etc.)

7. Third-Party Services

7.1 Service Providers

We use third-party services:

  • Firebase (Google) - Authentication and identity management
  • LemonSqueezy - Payment processing and subscription management
  • Amazon Web Services - Cloud infrastructure (if applicable)

These services have their own privacy policies. We require all service providers to protect your data.

7.2 No Data Selling

We do not sell your personal information to third parties. We do not share personal information except:

  • With service providers who assist us (under contract)
  • As required by law
  • To protect our rights and safety

8. Contact Us

For privacy questions or concerns:

Email: contact@airstreamdata.com

Response Time: We aim to respond to privacy inquiries within 5 business days.

9. Policy Changes

We may update this Privacy Policy periodically to reflect changes in our practices or technology. We will notify you of material changes by:

  • Updating the “Last Updated” date
  • Sending a notification to your registered email address
  • Posting a notice on our website

Continued use of AirStream after changes constitute your acceptance of the updated policy.

Under GDPR, our legal basis for processing your data is:

  • Performance of Contract: To provide our API service
  • Legitimate Interest: To improve our service, prevent fraud, and ensure security
  • Consent: For optional data collection (e.g., marketing emails)
  • Legal Obligation: To comply with laws and regulations

Last Updated: February 5, 2026