Privacy Policy

Effective Date: December 4, 2025

Table of Contents

1. Introduction
2. Information We Collect
3. How We Use Your Information
4. Data Sharing and Third Parties
5. Data Retention
6. Security Measures
7. Your Rights
8. Cookies and Tracking
9. International Data Transfers
10. Children’s Privacy
11. Changes to This Policy
12. Contact Us

1. Introduction

MdFetch (“we,” “us,” or “our”) operates the mdfetch.ai website and provides an API service that converts web pages to clean, AI-ready Markdown format. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using MdFetch, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

• Email address (required)
• Name (optional)
• Company name (optional)
• Password (stored securely using bcrypt hashing)

2.2 API Usage Data

When you use our API, we automatically collect:

• Request URLs (the web pages you’re converting)
• Timestamps of API requests
• API keys (hashed and encrypted)
• Response times and status codes
• Request volumes and rate limit information

2.3 Technical Data

We automatically collect certain technical information:

• IP addresses
• Browser type and version
• Device information (type, operating system)
• Referring URLs

2.4 Payment Information

Payment information is processed by Stripe, our payment processor. We do not store your full credit card numbers or payment details on our servers. We only receive limited information from Stripe such as the last four digits of your card and transaction status.

2.5 Analytics Data

We use Plausible Analytics, a privacy-friendly analytics service, to understand how our service is used. Plausible does not use cookies and does not collect personal data. It provides aggregate statistics only.

2.6 What We Do NOT Collect

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and maintain the service: Process API requests, manage your account, and deliver our core functionality
• Process payments: Bill you for API usage according to our pricing model
• Improve our service: Analyze usage patterns to optimize performance and develop new features
• Communicate with you: Send service announcements, security alerts, and respond to inquiries
• Prevent fraud and abuse: Monitor for suspicious activity and enforce our Terms of Service
• Comply with legal obligations: Respond to legal requests and prevent illegal activity

4. Data Sharing and Third Parties

We share your information with third parties only in the following limited circumstances:

4.1 Service Providers

• Stripe: Payment processing (Stripe Privacy Policy)
• Fly.io: Infrastructure hosting and deployment (Fly.io Privacy Policy)
• Plausible Analytics: Privacy-friendly website analytics (Plausible Privacy Policy)

4.2 Legal Requirements

We may disclose your information if required by law, such as to comply with a subpoena, court order, or similar legal process.

4.3 Business Transfers

If MdFetch is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email of any such change in ownership.

5. Data Retention

• Active accounts: We retain your account data for as long as your account is active
• Deleted accounts: When you delete your account, we retain your data for 30 days, then permanently delete it
• Logs and usage data: API request logs are retained for 90 days for security monitoring and debugging
• Billing records: Financial records are retained for 7 years as required by law

6. Security Measures

We implement industry-standard security measures to protect your information:

• Encryption in transit: All data transmitted to and from our service is encrypted using TLS 1.3
• Secure password storage: Passwords are hashed using bcrypt with salt
• API key security: API keys are hashed and encrypted at rest
• Regular security audits: We conduct regular security assessments of our infrastructure
• Access controls: Limited employee access to production systems with audit logging

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights

7.1 GDPR Rights (EU/EEA Residents)

If you are located in the European Union or European Economic Area, you have the following rights:

• Right to access: Request a copy of your personal data
• Right to rectification: Correct inaccurate personal data
• Right to erasure: Request deletion of your data (“right to be forgotten”)
• Right to data portability: Receive your data in a portable format
• Right to object: Object to certain processing activities
• Right to restrict processing: Request limited processing of your data
• Right to withdraw consent: Withdraw consent for data processing at any time

7.2 CCPA/CPRA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to know: Request information about data we collect and how it’s used
• Right to delete: Request deletion of your personal information
• Right to opt-out: Opt-out of the sale of personal information (we do not sell data)
• Right to non-discrimination: Not be discriminated against for exercising your rights

7.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at hello@mdfetch.ai. We will respond to your request within 30 days.

You can also manage most of your information directly through your account dashboard.

8. Cookies and Tracking

We use minimal cookies to provide essential functionality:

• Session cookies: Required for authentication and keeping you logged in
• Security cookies: CSRF protection tokens

We do NOT use:

• Advertising or tracking cookies
• Third-party analytics cookies (Plausible does not use cookies)
• Social media tracking pixels

9. International Data Transfers

Your data is processed and stored in the United States on servers operated by Fly.io. If you are accessing our service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.

For users in the European Union, we rely on Standard Contractual Clauses approved by the European Commission for data transfers. We ensure that adequate safeguards are in place to protect your data in accordance with GDPR requirements.

10. Children’s Privacy

Our service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@mdfetch.ai and we will delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the “Effective Date” at the top of this policy
• Send you an email notification at least 30 days before the changes take effect
• Display a prominent notice on our website

Your continued use of the service after the effective date of the updated policy constitutes your acceptance of the changes. If you do not agree with the updated policy, please stop using our service and contact us to delete your account.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: hello@mdfetch.ai Website: https://mdfetch.ai

We will respond to all requests within 30 days.

---

Last updated: December 4, 2025