nextAPI

Privacy Policy

Last updated: April 2026

1. Information We Collect

Account Data

When you create an account, we collect your name, email address, and organization name through our authentication provider (Clerk). We do not store passwords directly.

Usage Data

We collect API request metadata including timestamps, endpoints called, response codes, latency, and credit consumption. This data is used for billing, debugging, and service improvement.

Content Data

Prompt text and reference images submitted via the API are forwarded to the upstream model provider (Seedance) for processing. Generated videos are stored temporarily in our CDN for delivery and deleted after the retention period configured in your account (default: 7 days).

2. How We Use Your Data

  • To provide, maintain, and improve the Service
  • To process billing and enforce spend limits
  • To detect and prevent fraud, abuse, and security incidents
  • To communicate important service updates
  • To comply with legal obligations

3. Data Sharing

We do not sell your personal data. We share data only with:

  • Upstream Model Provider (Seedance) — prompt text and reference images for video generation
  • Authentication (Clerk) — identity verification and session management
  • Infrastructure (Cloudflare, Aliyun) — hosting, CDN, and DDoS protection
  • Payment Processing — billing and invoice management

4. Data Security

All API communication is encrypted via TLS 1.3. API keys are hashed with Argon2id before storage. Webhook payloads are signed with HMAC-SHA256. We enforce rate limiting and IP allowlists for additional protection.

5. Data Retention

  • Account data: retained while your account is active, deleted within 30 days of account closure
  • API logs: retained for 90 days for debugging and compliance
  • Generated videos: retained per your account settings (default 7 days)
  • Billing records: retained for 7 years per tax and legal requirements

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data
  • Export your data in a portable format
  • Object to processing

To exercise these rights, contact privacy@nextapi.dev.

7. Cookies

We use essential cookies for authentication and session management. We use PostHog for product analytics with anonymized data. You can disable analytics cookies in your browser settings.

8. Contact

For privacy-related questions, contact us at privacy@nextapi.dev.