OmRate
Open app

Privacy Policy

Last updated: March 30, 2026

1. Who We Are

DeFi Rates is an independent service that aggregates DeFi lending rate data. For privacy questions, contact us at privacy@defirates.io.

2. Information We Collect

Information you provide

  • Email address (via Google OAuth sign-in)
  • Name and profile picture (from your Google account, optional)

Information collected automatically

  • API request logs (endpoint, timestamp, response code) — retained for 30 days
  • IP address (used for abuse detection only, not stored long-term)
  • Browser type and version (standard server logs)

3. How We Use Your Information

  • To authenticate you and provide access to the Service
  • To enforce rate limits and detect abuse
  • To send transactional emails (subscription confirmations, API key changes)
  • To improve the Service based on aggregate usage patterns

We do not sell your personal data to third parties. We do not use your data for advertising.

4. Third-Party Services

  • Google OAuth — used for authentication. Subject to Google's Privacy Policy.
  • Paddle — our payment processor and Merchant of Record. Handles billing data under their own Privacy Policy.
  • MongoDB Atlas — database hosting. Data stored in cloud infrastructure.

5. Data Retention

  • Account data: retained while your account is active, deleted within 30 days of account deletion.
  • API logs: retained for 30 days, then automatically deleted.
  • Billing records: retained as required by applicable financial regulations (typically 7 years).

6. Cookies

We use authentication cookies issued by our backend to keep you signed in. We do not use tracking or advertising cookies. No cookie consent banner is required.

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Export your data in a portable format
  • Object to or restrict certain processing

To exercise any of these rights, email privacy@defirates.io.

8. Security

We use industry-standard security practices including HTTPS, hashed secrets, and access controls. However, no system is 100% secure. Please report security vulnerabilities to security@defirates.io.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on the site.