Privacy Policy
Last updated: July 4, 2026
The short version
TmpState is built to know as little about you as possible. There are no user accounts, no email signups, no advertising, no tracking cookies, and we never sell data. Databases are anonymous, expire on a published schedule, and are stored only under cryptographic hashes of their access URLs.
1. Who is responsible
TmpState operates this service. For anything in this policy, contact support@tmpstate.dev.
2. What we process, and why
- Database contents. Whatever JSON you choose to store. We process it solely to serve your requests and enforce quotas. Please do not store personal data of others, or regulated data, in a temporary database - see the acceptable-use rules.
- IP addresses. Used in-memory-of-the-database for rate limiting (windows are minutes to hours; rate-limit rows are deleted after 2 days) and in short-lived operational logs for abuse prevention and debugging. Legal basis: legitimate interest in keeping an anonymous service abusable by no one.
- Payment data.Payments run entirely on Stripe. We receive and store Stripe identifiers (customer, subscription, session ids) and amounts - never card numbers. Stripe's own privacy policy governs what Stripe collects. Legal basis: performing the contract you enter when you buy.
- Analytics. We use Vercel Web Analytics on the marketing pages, which is cookie-free and aggregates visits without building visitor profiles.
- Browser storage.The Pro dashboard keeps your Pro token in your own browser's localStorage (never sent to us except as API authorization); the theme preference is stored the same way. Neither is a tracking mechanism.
3. How long data lives
Free databases expire after 24 hours (longer if extended), stay frozen and restorable for 72 hours, and are then permanently deleted by a daily job. Pro databases follow the subscription schedule described in the terms. You can delete any database immediately via the API. Operational logs and rate-limit records are short-lived (days). Stripe payment records are retained as long as accounting and consumer-protection law requires.
4. Processors and hosting
We use Vercel (application hosting and analytics), Neon (managed Postgres storage), and Stripe (payments). Each processes data on our behalf under their respective data-processing agreements. Data is processed in the United States and the European Union depending on the provider's infrastructure.
5. Your rights
Because databases are anonymous, the strongest privacy control is in your hands: export your data (GET $DB/__export) or delete it instantly (DELETE with ?confirm=true) at any time, without asking us. If you are in a jurisdiction with statutory rights (access, rectification, erasure, portability, objection), contact support@tmpstate.dev and we will honor them to the extent we can associate any data with you at all.
6. Changes
We will post any changes to this policy on this page with an updated date. Material changes will be called out plainly.