Privacy Policy

Last Updated: January 27, 2025

At Restk, we believe your data belongs to you. This Privacy Policy explains how we collect, use, and protect your information when you use our API development platform.

RESTk is operated by Zynaty Technologies (OPC) Private Limited, a company incorporated under the laws of India. For privacy inquiries, contact us at [email protected].

Our Security-First Philosophy

Restk is built as a security-first platform. We understand that developers work with sensitive data—API keys, authentication tokens, and confidential request/response data. That's why we've implemented military-grade AES-256 encryption at every level.

How Our Encryption Works

  • Client-Side Encryption: All sensitive data is encrypted on your device before it ever leaves your machine
  • In-Transit Protection: All sensitive data travels over HTTPS/TLS and remains AES-256 encrypted during transmission
  • At-Rest Encryption: All sensitive data stored on our servers remains fully encrypted with AES-256
  • Local Protection: All sensitive data is AES-256 encrypted on your device
  • Client-Only Access: Only the client can encrypt and decrypt your data

Information We Collect

Account Information

When you create a Restk account, we collect:

  • Email address — Used for account authentication, important updates, and account recovery
  • Display name — Used to personalize your experience and team collaboration
  • Profile picture (optional) — Displayed in team workspaces

Authentication via Social Login

Google Sign-In

When you sign in with Google, we receive:

  • Your email address
  • Your name and profile picture
  • A unique identifier

We request only basic profile information (email and profile scopes) to simplify the sign-in process. We do not access your Google Drive, Gmail, contacts, or any other Google services.

GitHub Sign-In

When you sign in with GitHub, we receive:

  • Your email address
  • Your username and profile picture
  • A unique identifier

We request only the read:user and user:email scopes—the minimum required for authentication. We do not access your repositories, code, or any other GitHub data.

Your API Data

When you use Restk, we collect and store your API-related data to provide our services, including collections, folders, and request configurations.

Sensitive data is encrypted: The following information is AES-256 encrypted on your device before transmission:

  • Environment variable values
  • Authentication keys and headers
  • Parameter values
  • Request body data

The sensitive data on our servers is fully encrypted. Only the client can perform the encryption and decryption.

Usage Information

We collect anonymized usage analytics to improve Restk:

  • Feature usage patterns (which features are popular)
  • App performance metrics (crash reports, load times)
  • Device type and operating system

How We Use Your Information

We use your information to:

  • Provide and maintain your Restk account
  • Enable cross-device sync and team collaboration features
  • Send important product updates and security notices
  • Improve our product based on usage patterns
  • Provide customer support

We do not:

  • Sell your personal information to third parties
  • Use your data for advertising purposes
  • Access or read your encrypted API data
  • Share your information except as described in this policy

Third-Party Services

We use the following third-party services to operate and improve RESTk:

  • Firebase Analytics, Crashlytics, and Performance Monitoring (Google LLC) — collects app usage metrics, crash reports (including stack traces and device state), and performance data. See Google's privacy policy at https://policies.google.com/privacy
  • Firebase Cloud Messaging (Google LLC) — delivers push notifications. Device tokens are stored by Google to route messages.
  • WorkOS Inc. — handles authentication and identity management (login via email, Google, or GitHub). See WorkOS's privacy policy at https://workos.com/privacy
  • Application Logging — anonymized app logs are transmitted to our logging infrastructure for debugging and reliability monitoring. Logs include device identifiers, timestamps, and error metadata. They do not include API request/response content, credentials, or user-generated data. Logs are retained for 30 days.

Data Security

We implement industry-leading security measures:

  • AES-256 encryption for all sensitive data (client-side, in-transit, and at-rest)
  • HTTPS/TLS for all data transmission
  • Client-only encryption — only the client can encrypt and decrypt your data
  • Passwords hashed using secure algorithms
  • Regular security audits and updates

Your Responsibility

You are responsible for:

  • Keeping your account credentials secure
  • Managing access to shared workspaces

Your Rights

You have the right to:

  • Access — Request a copy of your personal data
  • Correction — Update inaccurate information
  • Deletion — Delete your account and associated data
  • Export — Download your data in a portable format
  • Withdraw Consent — Disable optional data collection

To exercise these rights, contact us at [email protected].

Data Retention

  • Account data: Retained while your account is active
  • Usage analytics: Aggregated and anonymized after 90 days
  • Deleted accounts: Data removed within 30 days (backups within 90 days)

Children's Privacy

Restk is not intended for users under 16 years of age. We do not knowingly collect information from children.

Changes to This Policy

We may update this Privacy Policy periodically. We'll notify you of significant changes via email or in-app notification.

Contact Us

Questions about this Privacy Policy?

Email: [email protected]