Privacy Policy

Last updated: 24 March 2026

1. Introduction

This privacy policy explains how rng.dev ("we", "us", "our") collects, uses, and protects your personal data when you use our website and API services.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

We collect minimal data necessary to provide our services:

2.1 Account Information

If you create an account via Google OAuth, we receive and store:

• Your OAuth provider identifier (a unique ID from Google)
• Your email address (for account identification)
• Your display name (if provided by Google)

We do not receive or store your Google password.

2.2 API Key Data

If you create API keys for programmatic access, we store:

• A cryptographic hash of your API key (we never store the plaintext key)
• The key name you provide
• Usage metadata (creation date, last used date, daily request count)

2.3 Analytics Data

We use Plausible Analytics, a privacy-focused analytics service that we self-host on our own infrastructure. Plausible collects:

• Page views and referrer information
• Browser and operating system type
• Country of origin (derived from IP, but IP is not stored)

Plausible does not use cookies, does not collect personal data, and does not track users across websites. All analytics data is aggregated and cannot be used to identify individual users.

2.4 Technical Data

For rate limiting and security purposes, we temporarily process:

• IP addresses
• Request timestamps

This data is held in memory only and is not persisted to our database.

2.5 Contact Form Data

If you submit a support request via our contact form, we collect:

• Your message content
• Your account email (if logged in)

This data is used solely to respond to your enquiry.

2.6 Data We Do Not Collect

We do not use tracking pixels, advertising networks, or invasive analytics. We do not collect device fingerprints or precise location data.

3. How We Use Your Information

We use your data solely to:

• Authenticate your identity when you log in
• Provide API access and track usage against rate limits
• Prevent abuse and protect the service from malicious activity
• Respond to support requests or legal obligations

4. Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract: Processing necessary to provide our services to you
• Legitimate interests: Protecting our service from abuse and ensuring security
• Legal obligation: Compliance with applicable laws

5. Data Storage and Security

Your data is stored on secure servers. We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.

API keys are stored as cryptographic hashes using industry-standard algorithms. We cannot recover your plaintext API key—if lost, you must generate a new one.

6. Data Retention

We retain your data only as long as necessary:

• Account data: Until you delete your account
• API keys: Until you revoke them or delete your account
• Analytics data: Aggregated statistics retained indefinitely; no personal data is stored
• Contact form submissions: Until your enquiry is resolved, then deleted
• Rate limiting data: Held in memory only, cleared automatically

7. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes.

We may share data with:

• Infrastructure providers: Our hosting provider processes data on our behalf under appropriate data processing agreements
• Legal authorities: If required by law or to protect our rights

8. International Transfers

Your data may be processed in countries outside the UK. Where this occurs, we ensure appropriate safeguards are in place to protect your data in accordance with UK GDPR requirements.

9. Cookies

We use minimal cookies necessary for the service to function:

• Authentication cookies: To keep you logged in during your session

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

10. Your Rights

Under UK GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Request limitation of processing
• Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests

To exercise these rights, please contact us using the details below.

11. Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113

12. Contact Us

For privacy-related enquiries or to exercise your rights, please contact us via:

• Support form: Available on the Support page when logged in
• GitHub: github.com/rngdotdev/beacon

13. Changes to This Policy

We may update this privacy policy from time to time. The "last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically.