Privacy Policy
Last Updated: March 1, 2026
3Min API (hereinafter "Service") is an API relay service operated by Maverick Works (hereinafter "Company"). The Company values user privacy and complies with applicable privacy laws including the Personal Information Protection Act of Korea and GDPR.
3Min API collects only the minimum personal information necessary to provide its services.
This Privacy Policy explains the types of personal information we collect, the purposes for collection, retention periods, third-party sharing, and your rights regarding your data.
1. Personal Information We Collect
1.1 Information Collected During Registration
The Company collects the following information through Google OAuth:
| Item | Purpose | Required |
|---|---|---|
| Email Address | Account identification and service notifications | Required |
| Name | Display within the service | Required |
| Profile Photo | Display within the service | Optional |
1.2 Information Automatically Collected During Service Use
The following information is automatically generated and collected during service use:
- API Call Data: API request/response data according to user-defined schemas
- Log Information: API call timestamps, status, webhook delivery results
- Usage Statistics: Daily/monthly API call counts, success/failure rates
- Access Information: IP address, browser type, access time
1.3 Information Collected During Payment
When subscribing to paid plans, the following information is processed through Paddle (payment processor):
- Payment method information (card number, expiration date, etc.)
- Billing address
- Payment history
Note: Payment information is processed directly by Paddle. The Company does not directly store sensitive payment information such as card numbers.
2. Purposes of Personal Information Collection
The Company uses collected personal information for the following purposes:
| Purpose | Details |
|---|---|
| Service Provision | Account creation, API endpoint management, data storage and webhook delivery |
| Account Management | Identity verification, service access management, subscription status management |
| Customer Support | Inquiry response, problem resolution, announcement delivery |
| Service Improvement | Usage pattern analysis, feature improvement, bug fixes |
| Billing | Subscription billing, overage charges, payment history management |
| Legal Compliance | Record keeping required by applicable laws |
3. Personal Information Retention Periods
3.1 Account Information
| Category | Retention Period |
|---|---|
| Account information (email, name, profile) | Until account deletion |
| API schemas and settings | Free plan: 7 days after creation / Paid plans: Until account deletion |
3.2 Service Usage Records
| Category | Retention Period |
|---|---|
| API call logs | Free plan: 7 days after creation / Paid plans: Until account deletion |
| Usage statistics | Free plan: 7 days after creation / Paid plans: Until account deletion |
3.3 Retention Required by Law
Information retained as required by applicable laws:
| Category | Period | Legal Basis |
|---|---|---|
| Consumer complaint or dispute records | 3 years | E-Commerce Act |
| Access logs | 3 months | Communications Privacy Act |
Records related to payments and transactions (contracts, withdrawals, billing, invoices, etc.) are retained and managed by Paddle (Merchant of Record) in accordance with applicable laws. For details, please refer to Paddle's Privacy Policy.
4. Third-Party Sharing of Personal Information
The Company does not, in principle, provide users' personal information to third parties. However, exceptions are made in the following cases:
4.1 Service Providers
| Provider | Service | Information Processed |
|---|---|---|
| Supabase | Database hosting | Account information, API data, logs |
| Cloudflare | API processing and CDN | API request/response data |
| Paddle | Payment processing | Payment information, subscription status |
| Vercel | Web hosting | Access logs |
4.2 Legal Requests
Information may be provided in response to lawful requests from investigative agencies pursuant to applicable laws.
5. International Transfer of Personal Information
Personal information is transferred internationally for service provision as follows:
| Recipient | Country | Data Transferred | Purpose |
|---|---|---|---|
| Supabase Inc. | USA | Account information, API data | Database services |
| Cloudflare Inc. | USA | API request/response data | API processing |
| Paddle.com | UK | Payment information | Payment processing |
| Vercel Inc. | USA | Access logs | Web hosting |
These providers comply with international data protection standards including GDPR.
6. Your Rights
You may exercise the following rights at any time:
6.1 Right of Access
- You can view the current status of your personal information processing.
- You can directly view account information, API logs, and usage statistics in the dashboard.
6.2 Right to Rectification
- You can request correction of inaccurate or incomplete personal information.
- You can directly modify your name in Dashboard > Settings > Profile.
6.3 Right to Erasure
- You can request deletion of your personal information.
- You can delete all data through Dashboard > Settings > Profile > Delete Account.
- When deleting your account, all API schemas, logs, and statistics are immediately deleted and cannot be recovered.
6.4 Right to Restrict Processing
- You can request restriction of personal information processing.
- However, restrictions may be limited where necessary to comply with legal obligations.
6.5 Right to Data Portability
- You can receive your personal information in a machine-readable format.
- You can view API logs in the dashboard and access necessary data.
- You can download archived production data from Dashboard > Archives.
6.6 How to Exercise Your Rights
- Online: Settings menu in the dashboard
- Email: contact@3minapi.com
7. Security Measures
The Company takes the following measures to protect personal information:
7.1 Technical Measures
- HTTPS/TLS encryption for all data transmissions
- Database access control and encryption
- Authentication and access control through API keys
- DDoS attack detection and blocking
7.2 Administrative Measures
- Minimization of personal information access privileges
- Regular security inspections
- Daily database backups (provided by Supabase, 7-day retention)
8. Cookie Usage
The Service uses cookies for user authentication and session management.
| Cookie Type | Purpose | Retention Period |
|---|---|---|
| Authentication cookies | Maintain login status | Until session end |
| Preference cookies | Store language and theme settings | 1 year |
You can refuse cookie storage through browser settings, but this may limit service functionality.
9. Children's Privacy
The Service does not allow membership registration for children under 14 years of age. If we become aware that personal information of a child under 14 has been collected, we will delete that information immediately.
10. Changes to Privacy Policy
This Privacy Policy may be modified due to changes in laws or service policies.
- Changes will be announced within the service or via email.
- Important changes will be notified at least 7 days in advance.
- Modified policies take effect from the announced effective date.
11. Privacy Officer
For inquiries, complaints, or to exercise your rights regarding personal information processing, please contact:
- Email: contact@3minapi.com
- Company: Maverick Works
- Location: Republic of Korea
12. Dispute Resolution
If you need to report or consult regarding privacy violations, you may contact the following organizations:
- Privacy Infringement Report Center: privacy.kisa.or.kr / (Korea) 118
- Personal Information Dispute Mediation Committee: kopico.go.kr / (Korea) 1833-6972
- Supreme Prosecutors' Office Cyber Investigation: spo.go.kr / (Korea) 1301
- National Police Agency Cyber Bureau: cyberbureau.police.go.kr / (Korea) 182
This Privacy Policy is effective as of March 1, 2026.