Privacy Policy

Last updated: February 2026

1. Overview

grep.md ("we", "us") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

2. Data We Collect

Account Data

When you create an account: email address, hashed password, and billing information (processed by Stripe — we never store full card numbers).

Usage Data

For each API request: the target URL, parameters used, response time, cache hit status, and timestamp. This is used for rate limiting, billing, and service improvement. We do not store the converted content after the cache TTL expires.

API Keys

API keys are stored as SHA-256 hashes. We cannot retrieve your original key after creation.

3. How We Use Data

  • Provide and operate the Service
  • Enforce rate limits and prevent abuse
  • Process billing and payments
  • Improve service performance and reliability
  • Respond to support requests

4. Data Storage & Security

Data is stored on Cloudflare's global infrastructure (Workers KV, R2, D1). All data is encrypted in transit (TLS) and at rest. We follow security best practices including SSRF prevention, input validation, and rate limiting.

5. Caching

Converted content is cached temporarily to improve performance:

  • Edge cache (L1): ~5 minutes
  • Global cache (L2): ~1 hour
  • Persistent cache (L3): up to 30 days

Cached content is automatically purged after TTL expiry. Use ?nocache=true to bypass caching.

6. Third Parties

We use the following third-party services:

  • Cloudflare — Infrastructure, CDN, DNS
  • Stripe — Payment processing
  • GitHub — Authentication (OAuth, optional)

We do not sell your data to third parties. We do not use tracking pixels or third-party analytics.

7. Cookies

We use a single session cookie for authentication. No tracking cookies. Theme preference is stored in localStorage (client-side only).

8. Your Rights

You may request to:

  • Export your account and usage data
  • Delete your account and all associated data
  • Revoke all API keys

Contact dev@grep.md with any privacy-related requests.

9. Changes

We may update this policy. Material changes will be communicated via email to registered users. Continued use after changes constitutes acceptance.

10. Contact

For privacy questions: dev@grep.md