Privacy Policy

This policy describes the information collected and stored by MetalsAPI based on the current application behavior.

Information Collected

• Email address provided during registration.
• Password hash stored for account authentication. Plain-text passwords are not stored.
• API key issued to each account.
• Account timestamps such as account creation time and last login time.
• Last login IP address recorded when you sign in or register.
• Authenticated API request logs including email address, client IP address, request path, query string, request method, and request timestamp.
• Metal quote history cached by the application for service continuity and recent-history features.

How Data Is Used

• To create and manage user accounts.
• To authenticate dashboard access and API requests.
• To track API usage totals and maintain request logs.
• To help detect abuse, misuse, or operational issues.
• To provide quote history and cached quote fallback when upstream market data services are unavailable.

Data Storage

Application data is stored in the configured MySQL database for this deployment. The application may contact third-party market data services and public IP lookup services during normal operation in order to serve quotes and determine a public-facing login IP.

Cookies

The dashboard uses an authentication cookie after sign-in so the application can keep you logged in between requests.

Account Deletion

If you delete your account from the account page, the application removes your account record and stored API request history associated with that account.

Operator Notice

If you deploy this application for public users, you should review and update this page with your own contact details, retention periods, legal basis, and any jurisdiction-specific disclosures required for your use case.