Privacy Policy

Last updated: June 24, 2026

1. Who we are

Nasca ("we", "us", "our") provides a per-user AI cost tracking and rate limiting service for software developers. Our service is accessible at nasca.dev. Questions about this policy can be directed to hello@nasca.dev.

2. Information we collect

Account information. When you sign up, we collect your email address. We use this to identify your account and send service-related communications.

Usage data. We store AI usage events submitted through the SDK on your behalf — specifically: model name, token counts, and computed cost in USD. This data is associated with your account and with anonymised end-user IDs you supply.

Billing information. Payment is processed by Stripe. We store only your Stripe customer ID and subscription status. We never see or store raw card numbers.

Automatically collected data. Our infrastructure may log standard HTTP request metadata (IP address, user agent, timestamp) for security and debugging. These logs are retained for a maximum of 30 days.

3. How we use your information

  • To provide, operate, and improve the Nasca service
  • To display usage analytics in your dashboard
  • To enforce plan limits and process subscription billing
  • To send transactional emails (account confirmations, billing receipts)
  • To investigate abuse or security incidents

We do not sell your personal data. We do not use your data for advertising.

4. Third-party services

We use the following sub-processors to operate our service:

  • Supabase — database and authentication (EU/US regions)
  • Cloudflare — edge compute for the API worker
  • Upstash — Redis for real-time spend counters
  • Stripe — payment processing and subscription management
  • Vercel — hosting for the dashboard web application

Each processor handles data under their own privacy and security terms. We select processors that maintain appropriate data protection standards.

5. Data retention and deletion

We retain your account data and usage events for the duration of your account. When you delete your account — either through the dashboard Settings page or by contacting us — we immediately and permanently delete your data across all systems:

  • Stripe — any active subscriptions are cancelled immediately and your Stripe customer record (including all stored payment methods and invoice history) is permanently deleted.
  • Upstash Redis — all real-time spend counters and rate-limit keys associated with your account and your end-users are deleted.
  • Supabase database — all usage events, end-user records, tier configurations, notifications, and your account row are deleted. Your authentication record is then permanently removed.

Deletion is irreversible and takes effect immediately. Financial records that applicable law requires us to retain (such as records of completed transactions) may be retained for the legally required period, but personal identifiers are removed where possible. Anonymised aggregate statistics may be retained indefinitely.

6. Your end-users

You supply Nasca with external user IDs to track spend per user. These IDs are opaque strings — Nasca does not know who your end-users are and does not collect any personal information about them. You are responsible for handling your end-users' data in accordance with your own privacy policy and applicable law.

7. Your rights

Depending on your jurisdiction, you may have rights to access, correct, or delete personal data we hold about you, or to object to or restrict certain processing. To exercise any of these rights, email hello@nasca.dev. We will respond within 30 days.

8. Security

We use industry-standard measures including encryption in transit (TLS), encrypted storage, and access controls. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but take reasonable precautions to protect your data.

9. Changes to this policy

We may update this policy from time to time. We will notify you by email or via the dashboard if we make material changes. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

10. Contact

For any privacy-related questions, please contact us at hello@nasca.dev.