Privacy Policy

Last updated July 7, 2026

This policy explains, in plain English, what personal data CrustAPI collects, why we collect it, who we share it with, and the rights you have over it. CrustAPI is a data API at crustapi.com that returns Google Search and Google Maps data as clean JSON or CSV. We are not affiliated with, endorsed by, or sponsored by Google. It covers visitors to our site and anyone who holds a CrustAPI account.

1. Who we are and who is responsible

CrustAPI is a data API. It returns Google Search results and Google Maps and local-business data as clean JSON or CSV. In this policy, CrustAPI, we, us, and our all mean the CrustAPI service. You means the person or business using our site or service.

CrustAPI is a business-to-business service. It is not a consumer or end-user product.

For the personal data of website visitors and account holders (for example your name, email, and account records), we are the controller. We decide why and how that data is processed.

For the data you send to us and retrieve through the API as part of your own work, you are the controller and we act as your processor. You are responsible for having a lawful basis for that processing and for using the data in line with the laws that apply to you.

2. What personal data is

Personal data means any information that relates to an identified or identifiable person. That includes obvious things like a name or email address, and less obvious things like an account identifier or an IP address when it can be linked back to a person.

This policy is about the personal data we hold about you as a visitor or customer. It is not about the public web data you fetch through the API, which you control as described above.

3. What personal data we collect

We only collect what we need to run the service. The categories below are the complete list.

4. What we do not do

These are real choices we have made, not just promises.

5. Why we process your data and our legal bases

We process your personal data for the reasons below. Where the GDPR applies, we also rely on the legal bases noted.

6. Who we share your data with

We do not sell or rent your personal data, and we do not share it for advertising.

We share your data only with the trusted service providers that help us run CrustAPI, for example payment processing, email delivery, and hosting. They can use your data only to provide their service to us, and they are bound by confidentiality.

We may also share data if the law requires it, or when we need to protect our rights, our users, or the security of the service.

We process data in the United States. If you are in the EEA or the UK, any transfer of your data is protected by appropriate safeguards, such as the Standard Contractual Clauses.

7. How long we keep it

We keep your account data while your account is open. You can ask us to delete it at any time by emailing support@crustapi.com.

We keep some records, for example billing and tax records, for as long as the law requires or for as long as we need them to resolve disputes or enforce our agreements.

We retain usage metadata for billing, fraud prevention, and product analytics.

8. Automated decision-making

We do not make decisions about you that are based solely on automated processing and that produce legal effects or similarly significant effects. Automated steps such as rate-limiting and account lockout are security measures, not decisions of that kind.

9. Your rights

You have rights over your personal data. To exercise any of them, email support@crustapi.com.

If you are in the EEA or the UK, under the GDPR you have the right to:

10. California privacy rights

If you are a California resident, under the CCPA and CPRA you have the right to know what personal information we collect and how we use it, the right to delete it, the right to correct it, and the right to opt out of the sale or sharing of personal information. We do not sell or share your personal information. You also have the right not to be treated differently for exercising these rights.

To exercise any California right, email support@crustapi.com.

For requests under the GDPR, we respond within one month. We can extend that by up to two more months for complex or numerous requests, and we will tell you if we need to.

11. Cookies and browser storage

crustapi.com sets no cookies at all, and we use no tracking or advertising cookies. To keep you signed in and remember a dashboard preference, we use your browser's local storage instead of cookies.

During payment, checkout runs on our payment provider's own pages, and they may set their own cookies there to process the payment and prevent fraud. Those cookies are governed by that provider's policies, not ours.

Our Cookie Policy explains the browser storage we use in more detail.

12. How we secure your data

We take reasonable steps to protect your data.

13. Age and eligibility

CrustAPI is a business-to-business service. To use it you must be at least 18 years old and use CrustAPI for business or professional purposes. The service is not intended for children, and we do not knowingly collect personal data from children.

14. Changes to this policy

We may update this policy from time to time. If a change is material, we will notify you through the site or by email. If you keep using CrustAPI after an update, that means you accept the updated version.

15. Contact

For any privacy or data-rights request, or any other matter, contact us at support@crustapi.com.