Privacy Policy

1. Introduction

Xbitcode ("we", "our", or "us") operates the Music API service accessible at music.xbitcode.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and API services.

2. Information We Collect

2.1 Personal Information

When you sign up using Google OAuth, we collect:

• Your name
• Email address
• Google profile picture
• Google account ID

2.2 Usage Data

We automatically collect:

• API request logs (endpoints accessed, timestamps, response codes)
• IP addresses
• Browser type and version
• Device information
• Pages visited and time spent on our website

2.3 Payment Information

Payment transactions are processed through PayU. We do not store your credit card, debit card, or bank account details. PayU handles all sensitive payment data in accordance with PCI DSS standards.

3. How We Use Your Information

• To create and manage your account
• To provide and maintain our API services
• To process your subscription payments
• To monitor API usage and enforce rate limits
• To send important service notifications
• To provide customer support
• To detect and prevent fraud or abuse
• To improve our services and develop new features

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your data with:

• Payment processors (PayU) to process transactions
• Service providers who assist in operating our platform (hosting, analytics)
• Law enforcement if required by law or to protect our legal rights

5. Data Security

We implement industry-standard security measures to protect your data, including encrypted connections (HTTPS/TLS), secure API key generation, and access controls. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

6. API Keys

Your API keys are unique identifiers linked to your account. You are responsible for keeping your API keys confidential. We reserve the right to revoke API keys that are found to be shared publicly or used in violation of our Terms and Conditions.

7. Cookies and Tracking

We use essential cookies for authentication and session management. These are necessary for the functioning of our service. We do not use third-party advertising or tracking cookies.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. API usage logs are retained for up to 90 days for analytics and debugging purposes. You may request deletion of your account and associated data by contacting us.

9. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Withdraw consent for data processing
• Export your data in a portable format

To exercise these rights, contact us at [email protected].

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes via email or a notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, contact us at: