Draft
SaveCall API security & privacy
This page is a draft and not a final compliance or legal statement.
Current repo truth supports these careful statements:
- the API server is a separate HTTP service with its own runtime state
- runtime data can currently be in-memory or file-backed
- API-key and clientRef enforcement exist on
/v1/resolve - billing state is derived from persisted webhook events
What is not yet published here as final: full retention policy, production hosting controls, incident policy, subprocessors, or legal/privacy wording.
Until those are closed, external integrators should treat this page as an architectural draft only.