
Privacy Policy

Template / draft. Published for review; not legal advice. Finalize with counsel for your jurisdiction (GDPR/CCPA specifics, etc.).
The short version: in the default self-hosted / thin-client deployment, your prompts, model outputs, and API key never reach us — we process only account details and aggregate, metadata-only usage figures. If you opt into the hosted-gateway deployment, your request content and API key are processed in memory solely to route the request (read by our classifier to select a model) and are not persisted (handled as your processor under the DPA); we do not store prompt content or model outputs.

What we collect

How we use it

To provide and secure the Service, compute savings and billing, send service communications (e.g. password resets, budget/review alerts, invoices), and improve routing in aggregate. We do not sell personal data.

Sharing & subprocessors

We share data only with the service providers needed to run the Service (hosting, payments, email), listed at /legal/subprocessors, under appropriate data-protection terms. In the default self-hosted deployment your prompt content goes from your infrastructure directly to Anthropic with your key — not via us; in the hosted-gateway deployment it is processed in memory only to route the request (read by our classifier to select a model) and is not persisted.

Retention & your rights

We retain account and aggregate billing data for as long as your account is active and as needed for legal/operational purposes. You can export your data from the console and request access, correction, or deletion by emailing [email protected]. Where applicable (GDPR/UK GDPR/CCPA), you have rights to access, rectify, delete, port, and object; for personal data we process on your behalf as a processor, see the DPA.

Cookies & analytics

The console uses a single, HMAC-signed session cookie to keep you signed in. We use no third-party advertising or tracking cookies. Our public marketing site uses privacy-respecting, cookieless analytics (aggregate page views and referrers only — no cookies, no cross-site tracking, and no personal data); product usage in the console is measured as aggregate counts (see "What we collect"), never prompt content.

Security & contact

Security practices are described at /security (TLS, encryption at rest, hashed credentials, least-privilege access). Questions or requests: [email protected].
