Privacy Policy
Last updated June 8, 2026.
1. Plain-English summary
ProxyLLM records every request you route through it. We do this for analytics, cache detection, cost rollups, and to improve the routing model. If you do not want your prompts recorded, do not use ProxyLLM.
We do not sell your prompts or your identity to third parties for advertising. We may use de-identified, aggregated data to improve the product or to publish benchmarks. Account data (email, billing) is shared only with the providers and processors we need to operate the service.
2. What we collect
- Account: email, OAuth identity (Google), display name, password hash (via Supabase Auth).
- API keys: encrypted at rest with AES-256-GCM. Never logged in plaintext.
- Requests: prompt text (truncated to 20,000 characters), model, provider, routing decision, token counts, latency, cost, finish reason, error messages.
- Routing configs: the visual graphs and classifier settings you create.
- Codex sessions: the per-user container state, last-used timestamps. We do not retain a copy of the OAuth tokens themselves; those live inside your isolated container's volume.
- Operational telemetry: request timing, error logs, usage counters. No third-party trackers or advertising cookies.
3. What we use it for
- Operate the service (proxy your calls, log costs, show the dashboard).
- Improve routing accuracy and cache detection over time. We may train internal classifiers on aggregated, de-identified data.
- Detect abuse, billing fraud, and provider TOS violations.
- Send you product and billing emails (account-related, not marketing, unless you opt in).
4. Who we share with
- AI providers (OpenAI, OpenRouter, and whichever provider your routing picks). Each receives only what is needed to serve your request, using your own key.
- Supabase (database + auth).
- Vercel (serverless compute hosting).
- Hetzner (Codex container hosting, paid feature).
- Whop Inc. (300 Kent Ave #401, Brooklyn, NY 11249), the merchant of record for paid plans. Whop handles checkout, billing, and tax remittance. We receive your subscription status from Whop.
- Government or law enforcement when required by a valid legal request.
5. Retention
Request logs and prompt text are retained for 90 days by default. Aggregated stats (daily rollups) are retained indefinitely. Encrypted API keys are retained until you delete them. Account data is retained while the account exists; deletion within 30 days of account closure on request to support@proxyllm.ai.
6. Your choices
- Delete your account at any time from Settings, or by emailing support@proxyllm.ai.
- Delete individual API keys from Settings.
- Request export of your data in JSON at support@proxyllm.ai.
- EU/UK/California residents: you have the rights granted by GDPR, UK GDPR, and CCPA, including access, deletion, and objection. Email the same address to exercise them.
7. Security
Keys are encrypted at rest with AES-256-GCM. Auth flows through Supabase. All traffic is TLS. We do not promise the service is unhackable; we promise to disclose material breaches affecting your data within 72 hours of confirmation.
8. Children
ProxyLLM is for users 18 and older. We do not knowingly collect data from minors. If we learn a minor has an account, we will delete it.
9. Changes
Material updates to this policy will be posted here with a new "Last updated" date and announced in-app or by email for material changes.
10. Contact
Questions, privacy or data-rights requests: support@proxyllm.ai. Billing privacy questions also go to Whop at support@whop.com.