API Privacy Addendum

Last updated: April 7, 2025

Blockunity Business API - Operated by HYVI LDA

This API Privacy Addendum ("Addendum") supplements our General Privacy Policy and describes the specific data processing practices applicable to the Blockunity Business API service ("API Service"). This Addendum applies to all users of the API Service accessible through business.blockunity.io, hyvicore.blockunity.io, hyvicore.com, and hyvicore.io.

Data processing is carried out in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Portuguese data protection law (Lei n. 58/2019).

Data Controller

The data controller for the API Service is:

Data We Collect Through the API Service

In addition to the data described in our General Privacy Policy, the API Service collects the following specific categories of data:

Organization Data

  • Organization name, slug, description, and website.
  • Billing email and payment information (processed by Stripe).
  • Team member information (name, email, role within the organization).

API Usage Data

  • API key metadata (key prefix, name, creation date, last used date).
  • Request logs: endpoint accessed, timestamp, IP address, response status code, response time, credit cost, and associated API key identifier.
  • Credit transactions: type, amount, balance changes, and associated endpoint or operation.
  • Rate limit and usage statistics (daily, monthly, and total usage counters per organization and per API key).

Security Data

  • IP addresses used for API requests and IP whitelist configurations.
  • Authentication events (login, logout, token refresh, SSO events).
  • Abuse detection metrics and scores.

Purposes and Legal Bases

Purpose                                       | Legal Basis (GDPR Art. 6)
Providing and maintaining the API Service     | Performance of contract
Authentication and API key management         | Performance of contract
Credit tracking and billing                   | Performance of contract
Rate limiting and usage enforcement           | Performance of contract / Legitimate interest
Abuse detection and infrastructure protection | Legitimate interest
Security monitoring and incident response     | Legitimate interest
Compliance with the API Terms of Service      | Legitimate interest
Service improvements and analytics            | Legitimate interest
Legal and regulatory compliance               | Legal obligation

Data Retention

  • Organization and account data: Retained for the duration of the account and up to 12 months after deletion.
  • API request logs: Retained for up to 90 days for operational and debugging purposes, then archived in anonymized form for up to 24 months.
  • Credit and billing transactions: Retained for the period required by applicable tax and accounting laws (typically 7 years).
  • Security and abuse data: Retained for up to 12 months for security purposes.
  • IP address logs: Retained for up to 12 months.

Data Sharing

We do not sell your personal data. In addition to the third parties mentioned in our General Privacy Policy, the API Service may share data with:

  • Stripe: Payment and subscription data for billing purposes. See Stripe's Privacy Policy.
  • Infrastructure providers: Hosting and CDN services within the EU/EEA for request processing and delivery.

Your Rights

As described in our General Privacy Policy, you have the right to access, rectify, erase, restrict processing of, and port your personal data. You also have the right to object to processing and to lodge a complaint with the Comissão Nacional de Proteção de Dados (CNPD).

To exercise your rights regarding API Service data, please contact us at [email protected].

Please note that certain data (such as request logs and billing records) may need to be retained for legitimate business, legal, or regulatory purposes even after an erasure request.

Data Security

We implement appropriate technical and organizational measures to protect API Service data, including:

  • API key hashing (SHA-256) - full keys are never stored.
  • HTTPS encryption for all API communications.
  • IP whitelisting capabilities for API key access control.
  • Role-based access control within organizations.
  • Automated abuse detection and monitoring.

Changes to This Addendum

We may update this Addendum from time to time. The updated date at the top of this page indicates when the addendum was last revised. We encourage you to review this page periodically.

Contact Us

For any questions about this API Privacy Addendum, please contact us at [email protected].
