Privacy Policy

Last updated: March 27, 2026

Who we are

szum is a chart rendering service operated by Bartosz Prusinowski, based in Zürich, Switzerland. You can reach us at contact@szum.io.

What data we collect

We collect only what we need to run the service.

  • Account information – name, email address, and hashed password when you sign up with email. If you sign in with GitHub, we receive your name, email, and profile image from the provider.
  • Payment information – handled entirely by Stripe. We never see or store your card number. We store your Stripe customer ID and subscription status.
  • API usage – we track the number of chart renders per month to enforce plan limits. Usage counts are stored per user, not per request.
  • API keys – stored as SHA-256 hashes. We cannot recover the original key.

Unauthenticated GET requests are rate-limited by IP address. We do not store IP addresses beyond the duration of the rate limit window.

How we use your data

  • To provide and maintain the service
  • To authenticate you and manage your account
  • To process payments and manage subscriptions
  • To enforce rate limits and usage quotas
  • To send transactional emails (verification, password reset)

We do not sell your data. We do not use your data for advertising. We do not send marketing emails.

Third-party services

We use the following services to operate szum:

  • Vercel – hosting and edge network
  • Turso – database for accounts and API keys
  • Upstash – Redis for rate limiting and usage tracking
  • Stripe – payment processing
  • Resend – transactional email delivery
  • Vercel Analytics – privacy-friendly, cookieless web analytics

Each service has its own privacy policy. We choose providers that handle data responsibly.

Cookies

We use a single session cookie to keep you signed in. It is HTTP-only and essential to the service. We do not use tracking cookies or third-party advertising cookies.

Data retention

  • Account data is kept until you delete your account. You can do this from the account settings page.
  • Usage data (render counts) expires automatically at the end of each billing month.
  • Rate limit data expires within seconds to minutes, depending on the limit type.

Your rights

Under Swiss data protection law (FADP) and the EU General Data Protection Regulation (GDPR), you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and all associated data
  • Export your data
  • Object to processing

You can delete your account and revoke API keys directly from your dashboard. For any other requests, email contact@szum.io.

Children

szum is not intended for children under 16. We do not knowingly collect data from children.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email to registered users. The latest version is always available at this URL.

Contact

Questions about this policy? Email contact@szum.io.