Privacy Policy
Last updated: 10 June 2026
This Privacy Policy explains what information Xratei (the “Service”, “we”, “us”) collects, why, and what choices you have. Using the Service means you agree to the practices described here.
1. Information we collect
Using the Xratei converter requires no account and no personal information. We do not run third-party analytics scripts and we do not build profiles of visitors.
Local browser storage is used only for your own preferences (theme: dark/light, starred currencies for the favorites tab, preferred language). This data never leaves your device.
If you choose to create an optional developer account (used only for managing API keys), we collect the information described in section 4.
2. Exchange-rate data
Your browser talks only to xratei.com. Our server refreshes rates once a day from open public market sources and serves them to you from a global edge cache; your requests are not relayed to any third-party rate provider.
3. The Xratei API
Xratei offers a free public API at xratei.com/api/v1 for developers. When you call the API:
- Programmatic access requires a free API key from the optional developer account (section 4). The converter on the website itself needs no account or key.
- We record aggregate, non-identifying telemetry per request — the endpoint called, the currency pair, the country-level location, the response status, and the latency — to plan capacity and detect abuse. We do not store your IP address or user-agent string in this telemetry.
- Requests are served by Cloudflare's global edge network. As part of standard CDN operation, Cloudflare may process your IP address and user-agent string for security, abuse prevention, and edge caching. See Cloudflare's privacy policy.
- API responses for anonymous use set no cookies and contain only public exchange-rate data — no personally identifiable information.
4. Developer accounts & API keys
Creating an account is optional and only needed if you want API keys with usage statistics. For account holders we store:
- Your email address and a one-way hash of your password — we never store or see the password itself.
- Session records, kept via a first-party session cookie that is strictly necessary for signing you in. This cookie is set only after you sign in and is never used for advertising or tracking.
- For each API key: a name you choose, the key’s prefix, a one-way hash of the key, and aggregate usage counters. The full key is shown once at creation and is not stored in recoverable form.
We do not send marketing email and we do not share or sell account data. You can delete your account and keys at any time — see section 8.
5. Third-party advertising (Google AdSense)
We display ads served by Google AdSense. As part of how AdSense works:
- Google, as a third-party vendor, uses cookies to serve ads on this site.
- Google’s use of advertising cookies enables it and its partners to serve ads to you based on your visit to this and other sites on the Internet.
- Visitors in the EEA, UK, and Switzerland are shown a consent message before any personalised advertising cookies are used, as required by Google’s EU User Consent Policy.
- You may opt out of personalised advertising by visiting Google’s Ads Settings.
- You can also opt out of a third-party vendor’s use of cookies for personalised advertising at aboutads.info.
6. Cookies
Browsing Xratei anonymously sets no first-party cookies — preferences live in local storage as described in section 1, and the API sets no cookies for anonymous use. The only first-party cookie we ever set is the strictly necessary session cookie for signed-in developer accounts (section 4). Advertising cookies set by Google are described in section 5.
7. Data retention
- Account data is kept until you delete your account, then removed.
- API telemetry is aggregate and non-identifying, and may be retained indefinitely for trend analysis.
- Local-storage preferences stay on your device until you clear your browser data.
8. Your rights (GDPR & CCPA)
Depending on where you live, you may have the right to access, correct, export, or delete personal data we hold about you, to object to or restrict processing, and to lodge a complaint with your local supervisory authority. Since we hold no personal data for anonymous visitors, these rights mostly apply to developer accounts.
To exercise any right, contact us via the contact page or email info@xratei.com from the address linked to your account. We respond within 30 days, and we do not discriminate against you for exercising your rights.
9. Security
All traffic to Xratei is encrypted with TLS. Passwords and API keys are stored only as one-way hashes using industry-standard algorithms. Access to production data is limited to the operators of the Service.
10. Children
Xratei is not directed at children under 13. We do not knowingly collect information from anyone under 13.
11. Changes
If this policy changes, the “Last updated” date above will change too. Material changes will be highlighted on the home page.
12. Contact
Questions about this policy? Use the contact page or email info@xratei.com.