SDKey

Docs

Sign in

Data protection for integrators

How SDKey processes personal data for your end users, and which APIs support GDPR access and erasure when you are the controller.

Roles

For developer accounts, Cesery LLC (96383 Bay View Dr, Fernandina Beach, FL 32034; operator of SDKey) is the controller. For end-user data sent through client register/login/upgrade and license validate (username, email, HWID, IP, security logs), you are typically the controller and Cesery LLC is the processor under our Terms (Processor Addendum).

You must provide your own privacy notice and legal basis to end users before collecting their data through your app.

What we store for end users

  • app_users — username, optional email, password hash, last IP/HWID, linked license
  • licenses — HWID binding, last seen IP
  • security_logs — IP, country, HWID, event metadata (~90 day retention, then purged)
  • application_bans — banned IP or HWID values

Helping with data-subject requests

Use these authenticated dashboard / Bearer API endpoints:

  • Export users — GET /api/v1/apps/:id/users/export
  • Delete a user — DELETE /api/v1/apps/:id/users/:userId
  • List / search users — GET /api/v1/apps/:id/users
Export
curl -sS https://api.sdkey.dev/api/v1/apps/$APP_ID/users/export \
  -H "Authorization: Bearer $SDKEY_TOKEN"
Delete
curl -sS -X DELETE https://api.sdkey.dev/api/v1/apps/$APP_ID/users/$USER_ID \
  -H "Authorization: Bearer $SDKEY_TOKEN"

Deleting a user removes the app_users row. It does not automatically revoke the linked license or clear historical security logs (logs expire via retention). Ban a license separately if needed.

Developer account rights

Developers can export or delete their own account under Settings, or via GET /api/v1/account/export and POST /api/v1/account/delete. See also the public Privacy Policy on sdkey.dev.

Subprocessors

Cloudflare provides hosting, edge compute, D1, KV, Turnstile, and sampled observability. Fonts are self-hosted. Details: Privacy Policy on sdkey.dev.