Back to Home

Privacy Policy

Last updated: March 17, 2026

This Privacy Policy describes how Erarta Labs ("we," "our," or "us") collects, uses, and protects information about you when you use the c0r.ai Food API service ("Service").

1. Information We Collect

1.1 Account Information

When you register, we collect:

  • Email address
  • Company or project name (optional)
  • Billing information (processed by Stripe — we do not store card details)

1.2 API Usage Data

We automatically log:

  • API request timestamps, endpoints, and response codes
  • Search queries and barcode lookups (for rate limiting and abuse prevention)
  • IP address (for security and geographic rate limiting)
  • API key used (hashed identifier)

1.3 Uploaded Content

If you use AI dish analysis endpoints, food images are processed in real-time and are not stored beyond the duration needed to return results (typically <5 seconds).

2. How We Use Your Information

  • To provide and operate the API Service
  • To enforce rate limits and detect abuse
  • To process payments and manage your subscription
  • To send transactional emails (account activation, invoices, API alerts)
  • To improve API accuracy and performance
  • To comply with legal obligations

3. Data Sharing

We do not sell your data. We share data only with:

  • Stripe — for payment processing
  • Supabase — for database hosting (SOC 2 Type II compliant)
  • AWS — for API infrastructure (EKS/ECR)
  • Law enforcement when required by valid legal process

4. Data Retention

API usage logs are retained for 90 days for billing verification and abuse prevention. Account data is retained until you delete your account. Upon account deletion, your personal data is removed within 30 days.

5. Security

We implement industry-standard security measures including TLS encryption in transit, encryption at rest, and API key hashing. API keys are displayed only once at creation and stored only as hashes.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate account information via the dashboard
  • Delete your account and associated data
  • Export your usage history
  • Opt out of marketing emails (transactional emails cannot be opted out while account is active)

To exercise these rights, contact api@c0r.ai.

7. Cookies

The dashboard uses essential cookies for authentication session management. We use Google Analytics to measure website traffic. You may disable cookies in your browser settings; this will prevent dashboard login.

8. Changes to This Policy

We will notify registered users by email of material changes to this policy at least 14 days before they take effect.

9. Contact

© 2026 c0r.ai. All rights reserved. · Terms of Service