Privacy Policy
Last updated: May 27, 2026
Effective date: April 2, 2026.
This Privacy Policy describes how Farther Shore, Inc. ("Farther
Shore," "we," "us," or "our") collects, uses, and shares
information when you use the Farther Shore platform — the hosted
dashboard, developer portal, API gateway, billing integrations, and
related services (collectively, the "Service").
This policy covers our handling of (a) Builders' data — the data of
companies and individuals who sign up to use Farther Shore to
publish APIs — and (b) visitors to our marketing pages. It does
not cover the relationship between a Builder and the subscribers
of that Builder's API; each Builder publishes its own privacy
policy for its subscribers.
Account and contact data. When you create an account or
correspond with us, we collect your name, email address,
organization name, and similar contact details. For paid plans, we
collect billing contact information; payment card details go
directly to our payment processor (see "Subprocessors" below) and
are not stored on our servers.
Configuration data. As you use the Service, we collect the
products, plans, documentation, rate limits, branding, and other
configuration you publish through the dashboard.
Operational and usage data. We collect telemetry needed to run
the Service — including API requests routed through the gateway
(method, path, response status, latency, bytes, timestamps),
authentication events, billing events, dashboard interactions, and
server logs. This data is needed to meter usage accurately, bill
customers, detect abuse, and keep the platform reliable.
Identifiers from cookies and similar technologies. We use
cookies and similar tools for authentication, session continuity,
preference storage, and product analytics. See "Cookies" below.
Information from integrations you authorize. If you connect
third-party services (such as your Stripe account, GitHub
repository, or webhook destinations), we receive data from those
services as needed to deliver the integration.
We use information to:
- operate, maintain, and secure the Service;
- meter usage, generate invoices, and reconcile billing;
- surface analytics, alerts, and dashboards back to you;
- detect, investigate, and prevent fraud, abuse, and security
incidents;
- respond to support requests and communicate with you about your
account, service status, and material changes;
- improve the Service through aggregate analytics and engineering
investigation; and
- comply with our legal obligations and enforce our Terms.
We do not sell personal information, and we do not use Builder data
to train machine-learning models without your express consent.
3. Legal bases for processing (EEA / UK)
Where the EU or UK GDPR applies, we rely on the following legal
bases:
- Performance of a contract — to deliver the Service to you;
- Legitimate interests — to secure the Service, prevent abuse,
and improve our product, balanced against your rights;
- Legal obligation — for tax, accounting, and other compliance
needs; and
- Consent — where required, for example for certain analytics
or marketing communications. You can withdraw consent at any time.
We share information only as follows:
Subprocessors. We use trusted third-party providers to operate
the Service. They process data only on our instructions and under
written agreements requiring appropriate safeguards. Our current
subprocessors include:
- Stripe — payments, payouts, and subscription billing;
- Cloudflare — CDN, DNS, edge gateway, and DDoS protection;
- Clerk — authentication and identity management;
- PostHog — product analytics and session telemetry;
- Polar — usage and subscription reporting to merchants of record;
- Cloud hosting providers — application hosting, managed
databases, and object storage for documentation and assets.
We will keep this list current. Material changes to the
subprocessor list will be communicated through the Service.
Service providers. We may share information with other vendors
who help us run the business (such as logging, error tracking,
email delivery), under similar contractual protections.
Legal and safety. We may disclose information when we believe in
good faith that disclosure is required to comply with law, respond
to lawful requests from authorities, enforce our Terms, or protect
the rights, property, or safety of Farther Shore, our customers, or
others.
Business transfers. If Farther Shore is involved in a merger,
acquisition, financing, or sale of assets, information may be
transferred to the successor entity, subject to commitments at
least as protective as this Policy.
5. Data retention
We keep account and configuration data while your account is
active. After termination, we may retain limited records to satisfy
legal, tax, accounting, audit, and security obligations, typically
no more than seven (7) years for financial records and shorter
periods for other data. We aggregate or delete operational
telemetry once the windows required for billing, security, and
debugging have passed.
You can request deletion of your account data at any time (see
"Your rights").
6. Your rights
Depending on where you live, you may have the right to:
- access the personal information we hold about you;
- correct inaccurate information;
- delete information, subject to limits where we have a legal basis
to retain it;
- export your data in a portable format;
- restrict or object to certain processing;
- withdraw consent where processing is based on consent; and
- lodge a complaint with your local data protection authority.
To exercise these rights, email
[email protected] from the
email address on your account, or use the self-serve controls in
the dashboard where available. We will respond within the timeframes
required by applicable law.
For California residents, this section describes the rights granted
by the California Consumer Privacy Act ("CCPA") as amended by the
CPRA. We do not sell or share personal information for
cross-context behavioral advertising as defined under California
law.
7. International transfers
Farther Shore is based in the United States and our subprocessors
operate globally. If you access the Service from outside the United
States, your information may be transferred to, stored, and
processed in the United States or other countries. Where required
by law, we rely on appropriate safeguards (such as the EU Standard
Contractual Clauses) for international transfers.
8. Security
We protect information with measures appropriate to the sensitivity
of the data, including encryption in transit (TLS) and at rest,
network isolation, signed service tokens between internal
components, role-based access controls, and audit logging on
sensitive operations. No system is perfectly secure, however; if
you believe your account has been compromised, contact us
immediately.
9. Cookies and similar technologies
We use cookies and similar technologies for:
- Authentication and session continuity — keeping you signed
in and routing requests to the right tenant;
- Preferences — remembering choices like theme and locale; and
- Analytics — measuring usage patterns to improve the Service.
You can control cookies through your browser settings; disabling
some cookies may break functionality such as sign-in.
10. Children
The Service is not directed to individuals under 18. We do not
knowingly collect personal information from anyone under 18. If you
believe we have collected information about a minor, contact us
and we will delete it.
11. Changes to this policy
We may update this policy from time to time. The current version
will always be posted at this URL with a new effective date. For
material changes, we will give you reasonable advance notice (for
example, by email or in-dashboard banner) before the changes take
effect.
Questions about this policy, or requests to exercise your privacy
rights?