Privacy Policy

Last updated: March 2026

ApiArk is built on a simple principle: your data is yours. We collect nothing by default.

Zero Data Collection by Default

ApiArk collects absolutely nothing out of the box. There is no analytics, no tracking, no fingerprinting, no usage metrics, and no telemetry. We do not use any third-party SDKs that phone home—no Google Analytics, no Mixpanel, no Segment, no Sentry SaaS.

Your Data Stays Local

All user data remains on your local filesystem at all times:

  • Collections and environments are stored as plain YAML files
  • Secrets are stored in standard .env files
  • History and settings are stored in a local SQLite database and JSON files
  • Nothing is uploaded anywhere unless you explicitly use Git push, export, or webhook features

Opt-In Crash Reports

On first launch, a non-modal banner asks if you'd like to help improve ApiArk by sending anonymous crash reports. The default is No.

If you opt in, crash reports contain only: stack trace, OS version, and app version. They never contain request URLs, headers, bodies, environment variables, or secrets.

Crash reports are stored locally in ~/.apiark/crash-reports/ as JSON files. You can inspect or delete them at any time.

License Validation (Pro/Team Only)

If you use a Pro or Team license, ApiArk performs an optional online license check on app launch. This check sends only two pieces of information: your license key and the app version. Nothing else—no usage data, no collection information, no request data.

If the license server is unreachable, your license remains valid. There is no phone-home lockout. License validation is offline-first—the JWT signature is verified locally against a public key embedded in the binary.

No Third-Party Services

ApiArk does not integrate with any third-party data collection or analytics services. The only external connections ApiArk makes are:

  • API requests you explicitly send (your intent)
  • OAuth flows you initiate
  • License validation for Pro/Team users
  • Update checks against our release server

Data Deletion

To completely remove all ApiArk data from your machine, uninstall the application and delete the ~/.apiark/ directory. That's it. There is no cloud account to close, no remote data to request deletion of.

GDPR Compliance

ApiArk is compliant with GDPR by design. No personal data is processed unless you explicitly opt in to crash reporting. The license validation endpoint is hosted in the EU.

Contact

If you have questions about this privacy policy, contact us at privacy@apiark.dev.