Privacy Policy

Last updated: March 2026

This Privacy Policy explains how OASDIFF LTD (company number 17071693) ("we", "us", or "our") collects, uses, and protects information when you use the oasdiff website and API (the "Service"). We are committed to handling your information responsibly and transparently.

1. Information We Collect

Uploaded specification files

When you use the diff calculator or API, you submit OpenAPI specification files. These files are processed in memory to generate your diff result and are not written to disk or retained after the response is sent. We do not read, analyse, or index the contents of your specs for any purpose other than computing the diff you requested.

Contact form submissions

If you send us a message via the contact form, we collect your name and email address so that we can reply. This information is delivered to us by email and is not stored in a database.

Account information (paid plans)

When you subscribe to a paid plan, we collect your email address and payment information. Payment processing is handled by Stripe; we do not receive or store your full payment card details. We store only the information necessary to manage your subscription (email address, Stripe customer ID, plan type).

Usage and analytics data

We use Google Analytics to understand how the Service is used in aggregate. Google Analytics collects data such as pages visited, browser type, country, and session duration via cookies and similar technologies. This data is pseudonymous and used only to improve the Service. You can opt out using the Google Analytics opt-out browser add-on.

Server logs

Our hosting infrastructure automatically records standard server log data, including IP addresses, request paths, and timestamps. Logs are retained for up to 30 days for security and debugging purposes and are then deleted.

2. How We Use Your Information

  • To compute and return the diff result you requested.
  • To respond to contact form enquiries.
  • To manage your subscription and process payments.
  • To monitor and improve the performance and reliability of the Service.
  • To comply with legal obligations or protect against fraud and abuse.

3. Cookies

We do not set first-party cookies for tracking or advertising. Google Analytics sets its own cookies (_ga, _gid) to distinguish users and sessions. No other third-party cookies are used. Future features (such as account sign-in) may introduce session cookies; this policy will be updated accordingly.

4. Data Sharing

We do not sell, rent, or trade your personal information. We share data only with:

  • Stripe — to process subscription payments.
  • Google Analytics — to collect anonymised usage statistics.
  • Our hosting provider — for infrastructure operation; they process data under a data processing agreement.
  • Law enforcement or regulators — only where required by applicable law.

5. Data Retention

  • Uploaded specification files — not retained; deleted after the request completes.
  • Contact form messages — retained in our email inbox until manually deleted; typically no longer than 1 year.
  • Account data — retained while your account is active and for up to 90 days after deletion for legal and accounting purposes.
  • Server logs — retained for up to 30 days.

6. Your Rights

Depending on your location, you may have rights under the GDPR (EEA/UK), CCPA (California), or similar laws, including the right to:

  • Access a copy of the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your personal data ("right to be forgotten").
  • Object to or restrict certain processing activities.
  • Withdraw consent for analytics cookies (see the opt-out link in section 1 above).

To exercise any of these rights, please contact us at oasdiff.com/contact. We will respond within 30 days.

7. Security

We use HTTPS for all connections to the Service. Uploaded files are processed in isolated request contexts and are not written to persistent storage. However, no system is perfectly secure, and we encourage you to avoid uploading specification files that contain embedded credentials or other sensitive secrets.

8. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has submitted personal information to us, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page with an updated "Last updated" date. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

10. Contact

For privacy enquiries, please use the contact form or email us directly at privacy@oasdiff.com.