Back Home

Privacy in plain English

A human-readable summary of the key points. This overview is for convenience only and is not legally binding— the full text below is what governs.

Only metadata is logged by default

Out of the box we store usage metadata only — tokens, cost, latency and which provider was used — never the content of your prompts or responses. You can optionally turn on full request retention under Settings → Policies if you want it.

AI requests are sent anonymously

When we route a request to a provider, it is forwarded without any link to your LLM Gateway account. Providers receive the request on its own and cannot connect it back to your identity.

We never sell your data

Your personal information is never sold. Data is shared only with a small set of vetted sub-processors (Stripe, Google Cloud, Resend) and the AI provider you choose to route to.

Provider terms are transparent

Each provider's data retention timeframe and whether your data is used for AI training is listed on the Providers page and on every individual provider detail page.

You stay in control

You can access, export or delete your data at any time. Billing records are kept for 10 years where tax and accounting law requires it.

We don’t store payment details

Payments are handled securely by Stripe. We never see or store your credit card information.

Privacy Policy

Effective Date: October 21, 2025
Last Updated: June 5, 2026

LLM Gateway (“we”, “our”, or “us”) provides a unified AI gateway platform that enables users to connect, manage, and analyze AI models across multiple providers.
This Privacy Policy explains how we collect, use, and protect your personal information when you use our website, services, or applications (collectively, the “Service”).

1. Information We Collect

a. Account Information

When you register an account, we collect your name, email address, and organization details.
For Pro and Enterprise users, we may also collect billing details such as company name, address, and payment information (processed securely via Stripe).

b. Usage Data

We automatically collect technical and usage information when you use our Service, including:

  • IP address, browser type, and device information
  • Log data, API requests, and timestamps
  • Model usage statistics (e.g., provider name, tokens used, latency, and cost)

c. AI Request Data

Depending on your data retention settings, we may store:

  • Retain All Data: Request payloads and responses with metadata
  • Metadata Only: Usage, pricing, and provider statistics (excluding content)

You can configure this setting under Settings → Policies in your organization dashboard.

d. Payment Information

We use Stripe to process payments. Your payment data is handled by Stripe in accordance with their Privacy Policy.
We do not store your credit card information.

e. Cookies and Analytics

We use cookies and similar technologies to analyze usage, improve functionality, and enhance user experience.
You can control cookie preferences through your browser settings.

2. How We Use Your Information

We use your data to:

  • Provide, maintain, and improve our Service
  • Authenticate and manage your account
  • Monitor API usage and enforce fair use policies
  • Process billing and send transactional emails
  • Improve model performance insights and product analytics
  • Communicate updates, promotions, or security alerts

3. Data Retention

We keep your personal data only as long as necessary for the purposes it was collected, or as required by law:

  • Account and profile data (name, email, login credentials, API keys): retained while your account is active. When you delete your account, this data is deleted promptly.
  • Usage logs (request metadata, token counts, costs): the content of requests and responses is governed by your organization’s retention setting below; aggregated usage and cost metadata is retained for analytics and billing accuracy.
    • Retain All Data: Saves request payloads and responses with metadata
    • Metadata Only: Saves only usage and cost metadata, excluding request content
  • Billing and accounting records (purchases of credits, payments, invoices, and the transaction history of credits bought and spent): we are legally required to retain these under applicable tax and accounting law. We keep them for 10 years, even after you delete your account, after which they are deleted or anonymized.

Where we retain billing records after account deletion, we restrict our processing of that data to what the law requires, and we anonymize personal identifiers that are not needed for the accounting record.

4. Data Sharing

We do not sell your personal information.
We may share limited data with:

  • Service Providers: For hosting (e.g. Google Cloud), analytics, or payments
  • AI Providers: When routing your API requests to the selected model (e.g., OpenAI, Anthropic, Mistral, etc.)
  • Legal Authorities: Only if required by law or to protect our rights and users’ safety

Each provider processes data under their own privacy terms.

Sub-processors

We rely on a small set of vetted sub-processors, each bound by contractual data-protection obligations:

  • Stripe — payment and subscription processing. Stripe acts as a separate processor and retains its own payment records to meet its legal and tax obligations, in accordance with their Privacy Policy.
  • Google Cloud — application hosting and database storage
  • Resend — transactional and product email delivery
  • AI Providers — as listed in the model catalog, when routing your requests

5. Team and Organization Management

If you belong to an organization:

  • Owners and Admins can view and manage member data and roles.
  • Access is limited by assigned roles (Owner, Admin, Developer, Restricted Access).

You can manage permissions from the Team Settings page.

6. Security

We implement industry-standard measures to protect your data, including:

  • HTTPS and encryption in transit
  • Access controls and authentication for sensitive data
  • Regular security reviews and monitoring

However, no system is completely secure. You are responsible for safeguarding your account credentials.

7. Your Rights

Depending on your location, you may have the right to:

  • Access, correct, or delete your data
  • Export your data in a machine-readable format
  • Withdraw consent for specific processing activities
  • Object to or restrict certain processing activities

You can make requests via contact@llmgateway.io.

Limits on the right to erasure

We will honor erasure requests except where we are legally obliged to retain data. In particular, records of credits you purchased and spent are kept to comply with tax and accounting law (see Data Retention) and cannot be deleted on request during the statutory retention period. During that period we limit our processing of those records to what the law requires. Once the retention period ends, the data is deleted or anonymized.

If you are in the EU/EEA or UK, you also have the right to lodge a complaint with your data protection supervisory authority.

8. International Transfers

Data may be processed and stored on servers located in the European Union or the United States.
We ensure that any data transfers comply with applicable data protection laws (e.g., GDPR).

9. Children’s Privacy

Our Service is not intended for individuals under 16 years of age.
We do not knowingly collect personal information from minors.

10. Changes to This Policy

We may update this Privacy Policy periodically.
The latest version will always be available on our Privacy Policy page.

11. Contact Us

If you have any questions about this Privacy Policy or your data, contact us at:
📧 contact@llmgateway.io 🌐 llmgateway.io