Parley

Privacy Policy

Last updated: March 30, 2026

1. Introduction

Parley ("we," "our," or "us") operates a REST API that normalizes environmental compliance data from the EPA's ECHO database. This Privacy Policy describes the information we collect when you use our API and website at parley.dev, how we use it, and the choices you have.

By creating an account or making API requests, you agree to the practices described here.

2. Information We Collect

Account Information

When you register, we collect your email address and name for account identification, and optionally your company name for context. That's it — we don't ask for a phone number, physical address, or any other personal details.

API Usage Data

Each API request generates a log entry that includes the HTTP method, endpoint path, query parameters, response status code, and response time. We also record a one-way hash of your IP address (never the raw IP), your user-agent string, and daily request counts per API key for rate limiting and billing.

Payment Information

All payment processing is handled by Stripe. We never see or store your credit card number or bank details. The only payment-related data on our servers is your Stripe customer ID and subscription ID, which we use to manage your tier and billing state.

3. Information We Do Not Collect

We believe in collecting as little as possible. Specifically:

  • We do not use cookies on the API. The website uses only essential session cookies for authentication.
  • We do not use tracking pixels or advertising beacons.
  • We do not collect personal information from EPA environmental data — all EPA data served through our API is already publicly available.
  • We do not store raw IP addresses. Only irreversible one-way hashes are retained.

4. How We Use Your Information

Everything we collect serves a specific operational purpose:

  • Authenticating your API requests and maintaining your account
  • Enforcing rate limits based on your subscription tier
  • Processing billing and tracking usage for metered pricing
  • Detecting and preventing abuse or unauthorized access
  • Responding to support requests
  • Communicating important service updates such as API changes or outages

We do not use your information for advertising, profiling, or any purpose unrelated to operating the Service.

5. How We Protect Your Information

Security is built into how we handle data at every layer:

  • API keys are stored as SHA-256 hashes. Your key is shown once at creation and never stored in plaintext.
  • All traffic is encrypted in transit via TLS. The API is only accessible over HTTPS.
  • The database is not publicly accessible — it sits behind a private network and is only reachable by the application.
  • Webhook payloads are signed with per-webhook HMAC-SHA256 secrets so you can verify authenticity.

6. Data Retention

We retain different types of data for different periods:

DataRetention
Account data (email, name, company)While your account is active
Request logs (path, status, duration, IP hash)90 days
Usage metrics (daily request counts)Indefinitely, for billing records
Webhook delivery records30 days

7. Third-Party Services

We share data with a small number of services that are essential to operating Parley:

  • Stripe handles payment processing and subscription management. See Stripe's Privacy Policy.
  • Umami provides anonymous website analytics. It is open-source, self-hosted on our own infrastructure, and collects no personal information — no cookies, no IP addresses, no fingerprinting. It only records anonymous page views and events.
  • Sentry (optional) receives error reports and performance data to help us debug issues. PII transmission is disabled in our Sentry configuration.

We do not sell, rent, or share your personal information with anyone else.

8. Your Rights

You are in control of your data. At any time, you can:

  • View your data — access your account information and usage statistics through the API or your dashboard.
  • Delete your account — permanently remove your account and all associated data at any time. This also cancels any active subscription and revokes all API keys.
  • Export your data — contact us to request a copy of your account data.
  • Revoke API keys — deactivate any API key at any time through the API or dashboard.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. Your continued use of the API after a change constitutes acceptance of the updated policy.

10. Contact

Questions about this policy or how we handle your data? Reach us at support@parley.dev.