Privacy Policy
Last updated: April 3, 2026
This Privacy Policy explains how Demografix ApS ("Demografix", "we", "us") handles data in connection with the services operated at genderize.io, agify.io, and nationalize.io (the "Services").
Demografix ApS is a company registered in Denmark (CVR: DK40697179), with its registered address at Eriksvej 30, 1 th., Roskilde, Sjælland 4000, Denmark.
1. What We Collect
Data you submit via the API
When you make an API request, you send us a name. We process that name in real time to generate a prediction and return the result. We do not store the names you submit. They are not written to any database, log, or file.
When you upload a CSV file, the original file is processed in memory and is not written to disk. The processed results file is stored temporarily on our servers and is automatically deleted after you download it or after 24 hours, whichever comes first.
We do not log the IP addresses of API requests.
In the event of an application error, our error monitoring service (Sentry) may transiently capture request data as part of an error trace. This data is used solely for debugging.
API request metadata
We log request counts and API key usage for the purpose of rate limiting and billing. This data does not include the names you submit or your IP address.
Account data
When you create an account, we collect:
- Email address
- Password (stored in hashed form — we cannot read it)
- Subscription and billing history
Payment data
Payments are processed by Stripe. Your card details are sent directly to Stripe and never reach our servers. We receive only a confirmation of payment status and a reference to your Stripe customer record.
Website visitors
Our websites use Plausible Analytics, a privacy-friendly analytics service that does not use cookies, does not collect personal data, and does not track individual visitors. We see only aggregate statistics such as page views and referral sources.
2. What We Do Not Collect
- We do not use cookies for tracking or advertising.
- We do not use Google Analytics, Facebook Pixel, or any similar tracking tools.
- We do not collect personal data from website visitors.
- We do not build profiles of API users based on the names they submit.
3. How We Use Your Data
| Data | Purpose |
|---|---|
| Names submitted via API | Processed in real time to generate predictions. Not stored. |
| Request metadata | Rate limiting, billing, abuse prevention. |
| Account data | Account management, service delivery, communication about your subscription. |
| Payment data (via Stripe) | Processing payments, issuing refunds, tax compliance. |
We do not sell your data. We do not share your data for advertising purposes.
4. Third-Party Services
The Services rely on the following third-party providers, which may process limited data in connection with operating the Services:
| Provider | Purpose | Location | Data Privacy Framework |
|---|---|---|---|
| Stripe | Payment processing, tax calculation | USA | EU-US DPF certified; Standard Contractual Clauses |
| DigitalOcean | Infrastructure and hosting | USA (New York) | EU-US DPF participant |
| Sentry | Error monitoring | USA | EU-US DPF participant |
We do not share data with any other third parties.
5. Where Your Data Is Processed
Our servers are hosted by DigitalOcean in the United States (New York). API requests are processed on these servers.
For transfers of data from the European Economic Area to the United States, we rely on the EU-US Data Privacy Framework, under which our infrastructure providers are certified or participating. Where applicable, Standard Contractual Clauses provide additional safeguards.
6. How Long We Keep Data
| Data | Retention |
|---|---|
| Names submitted via API | Not retained. Processed and discarded immediately. |
| CSV upload results | Stored temporarily. Deleted after download or after 24 hours, whichever comes first. |
| API request metadata | Stored in aggregate form for analytics. Not purged. Cannot be linked back to individual requests. |
| Account data | Retained while your account is active. Deleted upon account closure, except where retention is required by law. |
| Billing records | Retained for 5 years after the end of the fiscal year, as required by Danish bookkeeping law. |
7. Your Rights
If you are in the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
- Access — request a copy of the data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data
- Restriction — ask us to restrict how we process your data
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — where processing is based on consent, withdraw it at any time
To exercise any of these rights, email us at info@genderize.io. We will respond within 30 days.
If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) at datatilsynet.dk, or with the supervisory authority in your country of residence.
8. Lawful Basis for Processing
We process data on the following legal bases under GDPR Article 6(1):
- Performance of a contract — processing your API requests and managing your account is necessary to deliver the service you subscribed to.
- Legitimate interest — logging request metadata for rate limiting, billing, and abuse prevention. Our interest in operating a reliable service is balanced against the minimal nature of the data involved.
9. A Note on the Nature of Our Service
Our APIs accept names and return statistical predictions about likely gender, age, or nationality. These predictions are derived from large-scale aggregated demographic data — not from information about specific individuals.
In most use cases, a name submitted to our API — without an accompanying surname, email address, or other identifier — cannot identify a specific person. We do not attempt to identify individuals, we do not link predictions to real people, and we do not store any data that could be used to do so.
If you use our APIs as part of processing personal data in your own systems (for example, enriching a contact database), you are the data controller for that processing. We offer a Data Processing Agreement for customers who require one. See our Terms of Service or contact us at info@genderize.io.
10. Children
The Services are not directed at children. We do not knowingly collect data from anyone under the age of 16. If you believe a child has provided us with data, please contact us and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via email.
12. Contact
Demografix ApS
Eriksvej 30, 1 th.
Roskilde, Sjælland 4000
Denmark
Email: info@genderize.io
VAT: DK40697179