Security

Data Sources

All data is sourced from official UK government APIs under the Open Government Licence v3.0. No proprietary or personal data is collected from third parties.

Infrastructure

Hosted on Vercel’s edge network. Database on Supabase (PostgreSQL). Rate limiting via Upstash Redis.

Encryption

All API calls are served over HTTPS/TLS 1.3. API keys are hashed at rest using SHA-256. No plaintext credentials are stored.

Authentication

API keys use the format ukd_live_ (production) and ukd_test_ (testing). Keys can be rotated via the dashboard. x402 payments use cryptographic proofs on Base Mainnet.

Data Handling

UKDataAPI queries upstream government APIs in real-time and does not permanently store response data. Email addresses are collected for account registration. No personally identifiable information (PII) is collected through API queries themselves.

Rate Limiting

All tiers have enforced rate limits (10–500 req/min) to prevent abuse. Automatic throttling returns HTTP 429 with retry-after headers.

Contact

Report security issues to jackmmaher@gmail.com.

Privacy Policy →Terms of Service →