Privacy policy

This Policy for the processing of personal data (hereinafter — the “Policy”) defines the general principles and procedure for the processing of personal data and measures to ensure their security in the ApiWay service. ApiWay, Inc. is incorporated in the State of Delaware, USA and provides services to users worldwide, including in the EEA/UK and California. For purposes of EU/UK data protection law, ApiWay, Inc. generally acts as a data controller for Account data and as a data processor for Integration Content handled on behalf of Customers.

Use of Google Workspace APIs

Our application does not use Google Workspace APIs to develop, improve, or train generalized artificial intelligence (AI) and/or machine learning (ML) models. We are committed to protecting user data and ensuring that it is only used for the specific purposes outlined in this Privacy Policy. We adhere to all applicable Google Workspace API policies and guidelines to maintain the highest standards of data privacy and security.

Use of AI Services (Google Gemini)

We use AI services provided by Google (e.g., Gemini) to power certain features such as image generation, virtual try‑ons, and related transformations. When you submit prompts, images, or other content (“AI Inputs”), we may transmit those AI Inputs to Google solely to provide the requested feature and return the resulting output (“AI Output”). Where available, we configure vendor settings to opt‑out of training on your data and we contractually require vendors to act as processors and to use your data only to provide the service to us. Do not include special categories of personal data or other sensitive information in AI Inputs unless strictly necessary. AI Output may be inaccurate, incomplete, or misleading; it should not be relied upon as fact or as professional advice. You are responsible for validating AI Output and for providing accurate, complete prompts to obtain reliable results.

1. Terms and definitions
1.1. Account — the User’s account identified by the data specified during registration. Account data may include name, email, billing details, and service settings.
1.2. Account registration — the User’s action signaling the intention to conclude a License Agreement (Terms of Use), expressed by clicking “Register” or using other authentication methods.
1.3. Personal data subject — an individual to whom Personal data relates.
1.4. Website (Site) — a set of integrated software and hardware as well as information published on the Internet and displayed in text, graphic or sound form.
1.5. License — a non‑exclusive right to use the Program to the extent established by the ApiWay service.
1.6. Personal Account — the User account identified by the User’s email address.
1.7. Control Panel — the User interface that allows the User to change settings and perform available actions in the Program.
1.8. Software extensions — additional functionality offered to the User at ApiWay’s discretion.
1.9. ApiWay Server (Server) — a hardware and cloud infrastructure providing sufficient performance for the Program.
1.10. Email — for ApiWay: [email protected]; for the User: the address provided when registering the Account.
1.11. Integration Content — data that Users transmit through the Service between third‑party systems (e.g., CRM, messengers, storage) for the purpose of integration/automation. Unless otherwise stated below, Integration Content is processed transit‑only and not stored by ApiWay beyond what is necessary to complete transmission, ensure delivery, provide logs, secure the Service, or comply with law.
1.12. AI Inputs / AI Output — content you submit to or receive from AI features as defined above.

2. General Terms
2.1. This Policy defines the procedure for working with Users’ Personal Data and other data used through the Service (including Integration Content).
2.2. Measures to ensure the security of Personal Data are an integral part of ApiWay’s activities.
2.3. Contractual relations between ApiWay and the User are governed by the License Agreement/Terms of Use.
2.4. Transit nature of processing. For integrations, ApiWay’s role is to receive and transmit data between systems selected by the User. ApiWay does not use Integration Content for its own purposes and does not retain Integration Content longer than necessary for transmission, delivery verification, troubleshooting, billing, security, or legal compliance.

3. Personal Data Processing Principles
3.1.1. Lawfulness, fairness, and transparency. ApiWay processes Personal Data only where permitted by applicable law.
3.1.2. Data minimization. We collect only the minimum data necessary to provide and secure the Service.
3.1.3. Purpose limitation. We process Personal Data solely to fulfill contractual obligations to the User and to operate, secure, and improve the Service.
3.1.4. Accuracy. We take reasonable steps to keep Personal Data accurate and up to date.
3.1.5. Storage limitation. We keep Personal Data no longer than necessary for the purposes described in this Policy, unless a longer period is required by law.
3.1.6. Integrity and confidentiality. We use appropriate technical and organizational measures to protect Personal Data.

4. Personal Data Processing Terms
4.1.1. With the User’s consent where required.
4.1.2. As necessary to perform a contract with the User (provide the Service).
4.1.3. To comply with legal obligations.
4.1.4. For ApiWay’s legitimate interests (e.g., security, fraud prevention, service analytics) provided such interests are not overridden by Users’ rights.
4.2. ApiWay does not disclose to third parties the Personal Data or Integration Content except as described in this Policy or required by law.
4.3. ApiWay does not intentionally process special categories of Personal Data unless the User submits such data as part of Integration Content or AI Inputs. Users should avoid including sensitive data unless strictly necessary.

5. Collection and Processing of Personal Data and other Data
5.1. Categories of data.
5.1.1. Account Data — email, name, organization, password hashes, subscription and billing details (if applicable).
5.1.2. Integration Content — data relayed between systems you connect. Processed on a transit/ephemeral basis as described in §2.4 and §7 (Retention).
5.1.3. AI Inputs and AI Output — prompts, references, and generated results used solely to provide AI features, and retained only as needed for delivery, abuse prevention, troubleshooting, and legal compliance.
5.1.4. Technical Logs & Diagnostics — IP address, timestamps, request/response metadata, error traces, device and browser information, limited usage analytics.
5.1.5. Support Data — content you provide to support channels for troubleshooting.
5.2. Purposes of processing.
5.2.1. Provide, operate, and improve the Service and integrations.
5.2.2. Authenticate Users and manage accounts and subscriptions.
5.2.3. Ensure security, prevent abuse, and investigate incidents.
5.2.4. Provide support and communicate about Service updates.
5.2.5. Comply with legal obligations and enforce agreements.
5.3. ApiWay uses Personal Data in accordance with applicable law and this Policy.
5.4. Confidentiality is maintained for Personal Data and other User Data except where the data is publicly available or provided by the User for public display.

6. Security and Availability
6.1. ApiWay applies appropriate technical and organizational measures (including encryption in transit, access controls, and segregation of duties) to protect Personal Data and Integration Content.
6.2. No system can be guaranteed to be 100% secure or error‑free, and outages or incidents may occur. ApiWay does not warrant uninterrupted or error‑free operation of the Service. In the event of a Personal Data breach, ApiWay will notify affected Users as required by applicable law and will take reasonable steps to mitigate harm.

7. Retention
7.1. Account Data is retained for the duration of the account and as required for compliance, dispute resolution, and enforcement (typically up to 3 years after closure unless a longer period is legally required).
7.2. Integration Content is retained only transiently to complete transmission and for short‑term delivery verification and troubleshooting. Diagnostic logs related to Integration Content are typically retained for up to 30–90 days unless legal obligations require longer retention.
7.3. AI Inputs and AI Output are retained only as needed to deliver the feature, ensure quality and safety, prevent abuse, and comply with law; where feasible, these are stored ephemerally.

8. International Data Transfers
8.1. ApiWay is based in the United States and may process data in the United States and other countries. Where required, we rely on appropriate safeguards for cross‑border transfers, such as the EU Commission’s Standard Contractual Clauses (SCCs) and their UK addendum/IDTA.
8.2. We may use subprocessors (including cloud and AI providers) subject to data protection obligations consistent with this Policy. A current list of categories of subprocessors is available upon request.

9. Your Rights
9.1. Subject to applicable law, you may have rights to access, rectify, erase, restrict, port, or object to processing of your Personal Data. You may also withdraw consent at any time where processing is based on consent.
9.2. EEA/UK residents may lodge a complaint with a supervisory authority. California residents may exercise CPRA rights (access, deletion, correction, portability, opt‑out of sharing). ApiWay does not “sell” or “share” Personal Information as defined by CPRA and does not use sensitive Personal Information for inferring characteristics.

10. Third‑Party Personal Information Used by Users
10.1. When using the Service, Users may transmit third‑party data as Integration Content or AI Inputs.
10.2. The User is responsible for ensuring a lawful basis and, where required, prior consent for processing third‑party data in the Service.
10.3. The User (including legal‑entity representatives) is responsible for claims from data subjects regarding data the User submitted to the Service.
10.4. ApiWay implements appropriate measures to safeguard third‑party data processed through the Service as described in this Policy.

11. Other Provisions
11.1. Governing law for this Policy is the law of the State of Delaware, USA, without prejudice to mandatory protections afforded to individuals under the laws of their habitual residence (e.g., GDPR).
11.2. Disputes shall be resolved in accordance with applicable law. Before going to court, the User should send ApiWay a written complaint. The claim response period is 30 (thirty) business days.
11.3. If any provision of the Policy is held invalid, the remaining provisions remain in effect.
11.4. ApiWay may modify this Policy unilaterally. All changes take effect the day after posting on the Site. The User undertakes to monitor changes by reviewing the current edition.
11.5. Contact. ApiWay, Inc., Delaware, USA. Email: [email protected]. If you are in the EEA/UK, you may contact our EU/UK representative (where appointed) at: [email protected]. For California inquiries, please use the above email.

12. AI Transparency and User Responsibilities
12.1. AI Output is generated automatically and may contain errors. It should not be used as the sole basis for decisions. You must review and verify AI Output before use (e.g., measurements for furniture placement, try‑on visuals, or other representations).
12.2. You agree to provide accurate, complete prompts and context and to take reasonable steps to ensure the AI Output meets your needs. ApiWay is not responsible for harm arising from reliance on AI Output without appropriate human review.