Privacy Policy
This policy describes the information collected and stored by MetalsAPI based on the current application behavior.
Information Collected
- Email address provided during registration.
- Password hash stored for account authentication. Plain-text passwords are not stored.
- API key issued to each account.
- Account timestamps such as account creation time and last login time.
- Last login IP address recorded when you sign in or register.
- Authenticated API request logs including email address, client IP address, request path, query string, request method, and request timestamp.
- Metal price history cached by the application for service continuity and recent-history features.
How Data Is Used
- To create and manage user accounts.
- To authenticate dashboard access and API requests.
- To track API usage totals and maintain request logs.
- To help detect abuse, misuse, or operational issues.
- To provide price history and cached price fallback when upstream market data services are unavailable.
Data Storage
Application data is stored in the configured MySQL database for this deployment. The application uses request headers and connection details to record login and API request IP addresses.
Cookies
The dashboard uses an authentication cookie after sign-in so the application can keep you logged in between requests. When email two-factor authentication succeeds, the application may also store a protected trusted-device cookie for one day.
Account Deletion
If you delete your account from the account page, the application removes your account record. API activity log entries are retained unless you remove them separately.
Operator Notice
If you deploy this application for public users, you should review and update this page with your own contact details, retention periods, legal basis, and any jurisdiction-specific disclosures required for your use case.