Bimmervin API — Privacy Policy
Last updated: 7 May 2026
1. Information we collect
Account information. When you register, we collect your email address, optionally your name, and a password (stored only as a hash, never in plain text). Authentication is handled by Amazon Cognito.
Payment information. When you top up, payment is processed by Stripe. We do not store your card details. Stripe provides us with a transaction ID, the amount charged, and your billing email — that's all.
API usage data. Each API call is logged with: the endpoint called, the VIN searched (where applicable), the response status code, the timestamp, and the credits charged. This data is retained for up to 90 days.
Automatic information. When you visit our website or use the API, we automatically collect your IP address, browser type, request timing, and similar metadata. This is used for security, abuse prevention, and aggregate performance analytics.
2. How we use your information
- To deliver the service (process API calls, charge credits)
- To send transactional emails (verification codes, password resets, top-up receipts)
- To enforce rate limits and detect abuse
- To support you when you contact us
- To improve the service (aggregate analytics)
We do not sell your data to third parties.
3. Third parties we share with
Bimmervin API runs on AWS (compute, database, email delivery via SES). Payment processing is by Stripe. DNS and edge security are handled by Cloudflare. These providers receive only the data they need to deliver their function and are bound by their own data-protection terms.
4. Cookies & local storage
We use cookies and browser local storage to keep you logged in and to remember preferences. You can clear these via your browser settings; doing so signs you out.
5. Data security
We use TLS for all traffic, store passwords as hashes only, and follow standard cloud-security practices. No method of internet transmission or storage is 100% secure; we'll notify you promptly of any incident materially affecting your account.
6. Your rights
You may:
- Access the data we hold about you (view your dashboard)
- Update your account email and password
- Delete your account (contact [email protected]) — this removes your account, your unspent balance, and your usage history; transactional records (Stripe payment receipts) are retained as required by tax law
- Opt out of non-essential email by replying "unsubscribe" or via the link in those emails
7. International transfers
Our infrastructure is in the United States and the United Kingdom. By using the service you consent to your data being processed in those regions.
8. Children
The service is not intended for users under 16. We do not knowingly collect data from minors.
9. Updates
This policy may be updated; we'll note changes by revising the "Last updated" date at the top.