Privacy Policy — DocoAPI

Welcome to DocoAPI. We built this service for developers and we believe in being straight with you about how your data is handled. This Privacy Policy explains what we collect, why we collect it, and what your rights are. No legalese — just plain English.

If you have questions, email us at [email protected].

Who We Are

DocoAPI is operated by SAGA LABS LTDA (trading as SagaLabs). Our service is available at docoapi.com.

For the purposes of GDPR and similar data protection laws, SAGA LABS LTDA is the data controller for your personal information.

What Data We Collect

Account Information

When you sign up, we collect:

Your name
Your email address
A password (stored as a secure hash — we never store your plain-text password)

API Specifications

When you use DocoAPI, you upload or sync OpenAPI/Swagger specification files. These are your specs — they belong to you. We store them to power your documentation portal.

GitHub Access (Optional)

If you choose to connect your GitHub account, we request access to the repositories you authorize. We use this solely to sync your OpenAPI specs into DocoAPI. We do not read, store, or analyze unrelated repository content.

Usage Data

We collect data about how you use DocoAPI, including:

Pages visited and features used
API endpoints tested in the Playground
Search queries made within your docs portal
Time and frequency of sessions

This helps us understand how the product is used and where to improve it.

Billing Data

Payments and subscriptions are handled by Paddle, our Merchant of Record. We do not store your credit card details. Paddle processes all payment information directly and provides us with subscription status (active, trialing, cancelled) and anonymized billing metadata.

Cookies and Local Storage

We use:

Session cookies to keep you logged in
Functional cookies to remember your preferences
Analytics cookies (if applicable) to understand usage patterns

We do not use advertising or third-party tracking cookies.

How We Use Your Data

Purpose	Data Used	Legal Basis
Provide the DocoAPI service	Account info, API specs, GitHub access	Contract performance
Process billing and subscriptions	Email, subscription status via Paddle	Contract performance
Generate AI-powered search embeddings	API spec content	Legitimate interest / Contract
Improve the product	Usage data	Legitimate interest
Send service emails (receipts, alerts)	Email	Contract performance
Respond to support requests	Email, account info	Legitimate interest

We do not sell your data. We do not use your data for advertising.

Third-Party Services

We use a small number of trusted third parties to operate DocoAPI. Each has their own privacy policy:

Paddle

Paddle is our Merchant of Record and handles all payments, subscriptions, and VAT compliance globally. When you subscribe, your payment information is handled directly by Paddle under their privacy policy.

Paddle Privacy Policy →

GitHub

If you connect your GitHub account, GitHub processes the OAuth authorization. We only access repositories and data you explicitly grant access to.

GitHub Privacy Statement →

OpenAI

We use OpenAI's embedding API to generate vector embeddings of your API specification content. These embeddings power the semantic search feature in your docs portal. Your spec content is sent to OpenAI's API for this purpose. OpenAI does not use API data to train their models by default.

OpenAI Privacy Policy →

Infrastructure Providers

DocoAPI runs on cloud infrastructure (Railway for the backend, Vercel for the frontend). These providers process data as part of hosting our service and operate under standard data processor agreements.

Data Retention

Account data: Retained while your account is active. Deleted within 30 days of account deletion.
API specifications: Retained while your account is active, including up to 20 historical versions per spec. Deleted within 30 days of account deletion.
Usage data: Retained for up to 12 months on a rolling basis.
Billing records: Retained for 7 years as required by financial regulations (held by Paddle as Merchant of Record).

If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are legally required to retain it.

Your Rights

If you are located in the EU, EEA, UK, or other regions with data protection laws, you have the following rights:

Access — Request a copy of the personal data we hold about you
Correction — Ask us to correct inaccurate or incomplete data
Erasure — Ask us to delete your personal data ("right to be forgotten")
Restriction — Ask us to limit how we process your data
Portability — Request your data in a portable format
Objection — Object to processing based on legitimate interests
Withdraw consent — Where we rely on consent, you can withdraw it at any time

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority.

Data Security

We take reasonable technical and organizational measures to protect your data:

Passwords are hashed using industry-standard algorithms
All data in transit is encrypted via HTTPS/TLS
Database access is restricted and access-controlled
API keys and secrets are stored securely and never exposed client-side

No system is 100% secure. If we ever become aware of a data breach that affects you, we will notify you promptly.

Children

DocoAPI is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date at the top. For significant changes, we'll notify you via email or an in-app notice.

Continued use of DocoAPI after changes take effect means you accept the updated policy.

Contact

Questions about privacy? Reach out:

Email: [email protected]

Website: docoapi.com