KireiFilter
Sign in Create account

Privacy Policy

Last updated: March 1, 2026

KireiFilter ("we", "our", or "us") operates the KireiFilter spam detection API and website at https://kireifilter.net. This policy explains what personal data we collect, why we collect it, and how we handle it.

1. Data we collect

Account data

When you register, we store your email address. We use passwordless authentication — we do not store passwords. We store a short-lived login code (valid for 15 minutes) to verify your identity when you sign in.

API request data

Each call to the spam-check API is logged. The log record includes: the input fields you submitted (IP address, email address, content body, and other fields in the request), the spam score returned, which detection layers triggered, and a timestamp. This data is used to provide the service, display your request history, and improve detection accuracy.

Usage metadata

We track API quota consumption (number of requests per period) per account. We also collect standard server logs — request timestamps, HTTP status codes, and your IP address when you access our website or API.

2. How we use your data

  • To authenticate you and manage your account
  • To process spam-check API requests and return results
  • To enforce quota limits
  • To display your request history in the dashboard
  • To improve detection accuracy (aggregate, non-personal analysis)
  • To send transactional emails — login codes and replies to contact form messages
  • To respond to support or legal inquiries

We do not sell your data. We do not use it for advertising.

3. Data retention

Account data is retained for as long as your account is active. API request logs are retained for 90 days, after which they are automatically deleted. Login codes expire after 15 minutes and are deleted once used or expired. Server access logs are kept for up to 30 days.

You may request deletion of your account and associated data at any time by contacting us.

4. Data location

All data is stored and processed on servers located in Germany, operated by Hetzner Online GmbH. Data does not leave the European Union. This means your data is subject to EU data protection law, including the GDPR.

5. Third-party services

We use the following third-party services:

  • DDEV / hosting provider — server infrastructure where data is stored and processed
  • Transactional email provider — used to send login codes and contact form replies; your email address is passed to this service only for delivery purposes
  • GitHub OAuth — if you choose to link a GitHub account, we receive your GitHub username and account ID; we do not store your GitHub token

We do not share personal data with any other third parties unless required by law.

6. Cookies and sessions

We use a single session cookie to keep you logged in. No third-party tracking cookies or analytics cookies are used.

7. Your rights

Depending on your jurisdiction you may have the right to access, correct, or delete personal data we hold about you, and to object to or restrict certain processing. To exercise any of these rights, contact us and we will respond within 30 days.

8. Security

We use HTTPS for all data in transit. Access to production data is restricted to authorised personnel. Despite these measures, no system is perfectly secure — please use strong, unique credentials for your email account.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the email address on your account. Continued use of the service after a change constitutes acceptance of the updated policy.

10. Contact

Questions about this policy? Use the contact form and we'll get back to you.