Privacy Policy
Last updated: March 2, 2026
1. Who We Are
PSRESTful is operated by Gallardo Solutions Corp ("PSRESTful," "we," "us," or "our"). We provide a REST/JSON API that lets promotional products distributors connect to their suppliers through PromoStandards without dealing with SOAP/XML directly.
This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have. It applies to our website at psrestful.com, our API, our dashboard, and any related services (collectively, the "Service").
By using the Service you agree to the practices described here. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you create an account we collect your name, email address, company name, and password credentials. Authentication is handled through Auth0, which may also receive your IP address and browser metadata during sign-in.
2.2 Billing Information
If you subscribe to a paid plan, payment is processed by Stripe. Stripe collects your credit-card or payment-method details directly; we never see or store your full card number. We do receive your Stripe customer ID, subscription status, plan type, and billing email so we can manage your account.
2.3 Usage Data
We automatically collect information about how you interact with the Service, including:
- API calls made (endpoint, supplier, timestamp, response status)
- Pages visited on the website and dashboard
- Browser type, operating system, device type, and screen resolution
- IP address and approximate geographic location
- Referring URL and search terms that led you to us
2.4 Contact & Support Information
When you fill out our contact form we collect your name, email, company, and message content. These submissions are forwarded to our team via Slack for response. Contact forms are protected by Google reCAPTCHA, which may collect device and interaction data to verify you are human.
2.5 Cookies & Tracking Technologies
We use cookies and similar technologies for authentication, session management, analytics, and remembering your preferences. Specifically:
| Provider | Purpose | Type |
|---|---|---|
| PSRESTful | Session management, CSRF protection | Essential |
| Auth0 | Authentication tokens | Essential |
| Google Analytics | Website traffic and behavior analytics | Analytics |
| Google Tag Manager | Tag management and conversion tracking | Analytics |
| LogRocket | Session replay and error monitoring | Analytics |
| Stripe | Fraud prevention during checkout | Essential |
| Google reCAPTCHA | Bot detection on forms | Essential |
When you first visit our site, a cookie banner lets you accept or decline analytics cookies. You can change your preference at any time using the "Cookie Settings" link in the footer. Essential cookies cannot be disabled as they are required for the Service to function.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Authenticate you and manage your account
- Process payments and manage subscriptions
- Track API usage for billing, rate-limiting, and plan enforcement
- Send transactional emails (welcome messages, account notifications, export-ready alerts)
- Respond to your support and sales inquiries
- Analyze website and API usage to improve performance and features
- Monitor for errors, abuse, and security incidents
- Comply with legal obligations
We do not sell your personal information. We do not use your data for automated decision-making or profiling that produces legal effects.
4. Third-Party Service Providers
We share information with third-party providers only as needed to operate the Service. Each provider is contractually obligated to protect your data and use it only for the purposes we specify.
| Provider | Purpose | Data Shared |
|---|---|---|
| Auth0 (Okta) | Authentication & identity | Email, name, IP address |
| Stripe | Payment processing | Billing email, payment method, plan details |
| Amazon Web Services | Cloud hosting, file storage (S3), message queues (SQS) | Uploaded files, exported data, application data |
| SendGrid (Twilio) | Transactional email delivery | Email address, first name |
| Google Analytics / GTM | Website analytics | Page views, IP address, device info |
| LogRocket | Session replay & error monitoring | User ID, name, email, session interactions |
| Google reCAPTCHA | Bot and spam prevention | IP address, device interaction signals |
| Fly.io | Application hosting | Application data in transit |
| Slack | Internal notification of support requests | Contact form name, email, message |
| OpenAI | Product classification | Product descriptions (no personal data) |
If you connect your Shopify store through our PromoSync integration, we also exchange product, inventory, and store-configuration data with Shopify under your authorization.
5. Data Storage & Security
Your data is stored on servers located in the United States (AWS us-east-1 region and Fly.io infrastructure). We protect it with:
- Encryption in transit (TLS/HTTPS on all connections)
- Encryption at rest for databases and file storage
- Role-based access controls for internal systems
- Regular dependency updates and security patches
- API key authentication and OAuth 2.0 token validation
No system is 100% secure. If we discover a breach that affects your personal data, we will notify you and any applicable regulators as required by law.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you the Service. Specifically:
- Account data — kept while your account is active; deleted within 90 days of account closure upon request
- API usage logs — retained for up to 12 months for billing and analytics
- Cached API responses — automatically expire based on configured TTLs (typically minutes to hours)
- Billing records — retained as required by tax and accounting law (typically 7 years)
- Contact-form messages — retained for up to 24 months
When data is no longer needed, we delete or anonymize it.
7. Your Rights
Depending on where you live, you may have the following rights regarding your personal data:
For all users
- Access — request a copy of the personal data we hold about you
- Correction — ask us to correct inaccurate or incomplete data
- Deletion — ask us to delete your personal data (subject to legal retention requirements)
- Opt-out of marketing — unsubscribe from promotional emails at any time
Additional rights under GDPR (EEA/UK residents)
- Portability — receive your data in a structured, machine-readable format
- Restriction — ask us to limit how we process your data
- Objection — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent, withdraw it at any time
- Lodge a complaint — file a complaint with your local data protection authority
Additional rights under CCPA (California residents)
- Know — request details about what personal information we collect and why
- Delete — request deletion of personal information
- Non-discrimination — we will not discriminate against you for exercising your rights
- No sale — we do not sell personal information as defined by the CCPA
To exercise any of these rights, email us at support@psrestful.com. We will respond within 30 days (or within the timeframe required by applicable law).
8. International Data Transfers
Our servers and most of our third-party providers are based in the United States. If you are accessing the Service from outside the US, your data will be transferred to and processed in the US. We rely on standard contractual clauses and provider certifications (where applicable) to ensure adequate protection for international transfers.
9. Children's Privacy
The Service is a B2B product designed for business use. We do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or through the Service. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or want to exercise your data rights:
Gallardo Solutions Corp (d/b/a PSRESTful)
Email: support@psrestful.com
Phone: +1 (786) 390-3345
Website: psrestful.com/contact-us