
Security & Compliance

NoVirusThanks is a small IT company based in Perugia, Italy, and we are committed to protecting your privacy. With this in mind, we have designed APIVoid to adhere to a privacy-first principle, ensuring the utmost care and consideration for your personal data. We have no interest in collecting unnecessary or sensitive data about our customers. Our business model is based on paid APIVoid subscriptions, not on your customer account data. Our service dashboard only requires and stores your email, password, and IP address, which are used to display your login history and other security- or account-related activities. No additional data — such as your name, surname, address, credit card information, payment details, or other personally identifiable information (PII) — is stored in our system.

Who handles payments and invoices

We have engaged well-known, ISO 27001- and SOC 2 Type 2-certified third-party subprocessors for functionality related to payments, credit card management, invoicing, refunds, and related processes. We have partnered with Paddle (based in the UK), our new merchant of record, to handle automated payments, invoices, taxes, refunds, and subscriptions. Additionally, we may occasionally use Stripe (based in the US) for certain custom payments, or, in specific cases, PayPal (also based in the US). To manage our company quotes, invoices, and taxes, we may use a third-party tax management platform named Fatture In Cloud (from MadBit Entertainment S.r.l.), and we may store your company details there if you received a quote or invoice directly from our company. Our tax accountant may also access, process, or store the data we save on the Fatture In Cloud platform.

Where your account data is hosted

Our service dashboard and your customer account data are hosted exclusively on the Google Cloud Platform, which is ISO 27001- and SOC 2 Type 2-certified, in the US regions. We recommend visiting Google Cloud's Trust Center page for more information about its security and compliance commitments. Your account data is stored in Google Cloud-managed databases that use TLS connections and are encrypted at rest with AES-256.

How we store your account password

When you create an account on our service, we always store your password in the database in hashed form, using proven secure hashing algorithms (excluding insecure and easily crackable hashes such as MD5 or SHA*). These algorithms are implemented with a high iteration cost to ensure longer hashing times and increased security. Additionally, we enforce a password policy requiring your password to be at least 15 characters long and to include symbols, alphanumeric characters, as well as both uppercase and lowercase letters. For additional security, we also provide two-factor authentication (2FA) for your account.

Where our API services are hosted

To operate our API services, we primarily use Google Cloud Platform, hosted in the US region. For some specific API services and functionalities, we may use a combination of cloud hosting providers based in the US and EU, including Hetzner Online GmbH, located in Germany. You can refer to our subprocessors list on our website for additional information. All the cloud and hosting providers we use operate in facilities with top-tier physical security, strict access controls, and hold either ISO 27001 or SOC 2 Type 2 certifications.

What data is stored on our API services

When you submit data to our API services, we do not store that data anywhere; our APIs process your request and return the JSON report, and that's all. The only exception is domain names such as "google.com" that are sent to the following API services: Domain Reputation API, Domain Age API, Domain Info API, URL Reputation API, Site Trustworthiness API, Email Verify API. In these specific cases, we may extract the domain name, such as "www.google.com" or "gmail.com", for further analysis, and we may share it with cybersecurity companies to improve the detection of new threats. If an API service operates with sessions (e.g., it returns a session ID that must be periodically checked until its status is set to 'completed'), our system may temporarily store this session and its details, along with the final JSON data, typically for a few hours. This temporary storage enables you to check the session status and download the completed JSON report once it is ready. For debugging purposes, we may temporarily store API HTTPS requests in Google Cloud Monitoring and Logging (formerly known as Google Stackdriver). This includes only the IP address, the API endpoint URL, and the request and response headers; the JSON payload and response body are not stored. This logging helps troubleshoot issues, such as when a user reports an HTTPS request error for a specific API request or encounters unexpected behavior during usage.

How we securely encrypt your data

All data in transit is always encrypted using HTTPS and TLSv1.2+; no data is ever transmitted unencrypted across our servers, networks, or systems. We use Google Cloud Platform-managed databases to securely store all the data related to your user account. These databases are encrypted at rest with AES-256 encryption by default, and they enforce secure TLSv1.2+ encryption for all incoming and outgoing connections.

We enforce 2FA on every subprocessor

On every third-party subprocessor we use to run our service, we have enabled two-factor authentication (2FA) as an additional layer of security for our company accounts. Additionally, every team member is required to use 2FA. We always use strong passwords that are 64+ characters long and include symbols, alphanumeric characters, as well as both uppercase and lowercase letters. Where possible, we also implement IP whitelisting to ensure that only our company IP addresses can access the accounts.

Who has access to your account data

The customer account data is securely stored in the cloud on Google Cloud Platform. We minimize the data accessible to our people and systems, ensuring they can only access the information strictly necessary to perform their job. We enforce strict access controls, allowing only verified and authorized personnel to access your user account data—and only for valid reasons, such as resolving account-related issues (e.g., if you request a password reset, assistance with login issues, or a change to your account email address). Additionally, all computers and external storage devices used by our people are encrypted. None of these devices store customer data. We do not maintain any servers in our offices, ensuring that your data is not at risk in the event of a physical intrusion into our office premises.

Security audits and assessments

We use well-known vulnerability scanning tools to perform regular scans of our systems and network, ensuring potential risks are detected and addressed promptly. When a vulnerability is found or a manual update is required, we act as quickly as possible—on average within 8 hours. While no system can be considered 100% secure against attackers, we adhere to the best security standards to safeguard our systems from unauthorized access. Additionally, we are committed to transparent communication and will promptly inform users of any data breaches or security incidents that could impact their data or services.

Commitment to data security

While we don’t currently hold formal certifications such as SOC 2 or ISO 27001, we diligently follow industry best practices to safeguard our customers' information. As part of our commitment to regulatory compliance, we adhere to the General Data Protection Regulation (GDPR) principles, even for customers outside the EU. This means we prioritize minimizing the data we collect and process, ensuring we only retain what is absolutely necessary to provide our services, thereby limiting the exposure of sensitive information. All customer account data is hosted on servers and managed databases within Google Cloud Platform's U.S. regions, which are designed to meet stringent security standards. Data is encrypted at rest, and all data in transit is securely encrypted using advanced protocols (TLSv1.2+).

Our data retention policy

We aim to delete your APIVoid account data as soon as it is no longer needed or when you request us to delete your account data (make sure you do not have any unpaid overages before requesting account deletion). The less data we store about you, and for the shortest period of time, the better. As mentioned earlier, we designed our service and dashboard to store on our systems as little data about you as possible: just your email, password, and IP address. Please note that we cannot remove payment, quote, and invoice-related data created and stored on Paddle (our merchant of record), as Paddle is responsible for managing that type of data. The same applies to payments, quotes, and invoices created through Stripe or PayPal. This also applies to custom payments, quotes, and invoices issued directly by our company, as our tax manager must retain this data to comply with Italian tax laws.

Last updated on February 10, 2025
