Data Processing Addendum

We process the account and usage metadata described in the Privacy Policy. Request and response contents are forwarded to your chosen model provider to fulfil the request and are not stored by us.

We use a small set of sub-processors to run the service: the AI model providers you target, our payment processor, and our cloud infrastructure. Provider traffic is routed through zero-data-retention paths where available. We'll give notice of new sub-processors and let you object to material changes.

Personnel with access to data are bound by confidentiality. We maintain technical and organizational measures appropriate to the risk — encryption in transit and at rest, hashed keys, team isolation, and metadata-only retention.

Because we hold only metadata and never your request contents, we can assist with access, correction, and deletion of the account and usage data we do hold. Contents are not retained, so there is nothing for us to return or erase there.

If we become aware of a personal-data breach affecting your data, we'll notify you without undue delay and share the information you need to meet your own obligations.

On termination, we delete or return the account and usage metadata we hold within a reasonable period, except where retention is required by law.

Where data is processed across regions, we rely on appropriate safeguards and on the data-protection commitments of our sub-processors.

To request this addendum as a signed document or ask about our data practices, email hi@obixhub.com.