Privacy Policy
The short version: we keep the metadata needed to bill you and show your usage, and we don’t keep the contents of your requests. Here are the details.
- 01
What we collect
Account data: your sign-in identity from Google or GitHub OAuth (name, email, and provider profile basics), team membership, and the named API keys you create (we store only a key hash and non-secret prefix).
Billing data: prepaid balance, top-up and invoice history from Stripe, auto-recharge settings, and Stripe payment-method references (not full card numbers).
Usage metadata: per request, the model, provider, token counts, latency, status, and which key/user incurred the call — never message bodies.
Communications: messages you send via the contact form or by email, and invitation emails we send when you invite teammates.
Site analytics: on the public marketing site we use Google Analytics to understand aggregate traffic (see Cookies & analytics).
- 02
What we don’t collect
We do not store the contents of your API requests or responses — message bodies, prompts, completions, and tool inputs pass through the gateway and are never written to our application storage. Payload logging is off.
- 03
How we use it
We use this data to authenticate keys, operate the gateway, draw down your prepaid balance, run auto-recharge when enabled, show team usage, provide support, secure the service, and improve the product. We don’t sell your data or use your prompts or completions to train models.
- 04
Sharing & service providers
Model providers: request contents are forwarded to Anthropic and/or OpenAI to fulfil the call. We do not retain those contents. Whether a provider retains anything is governed by that provider’s terms and any no-store or zero-data-retention options available on your traffic path.
Payments: Stripe processes top-ups, invoices, and saved payment methods. Card numbers are handled by Stripe, not by us.
Infrastructure: Neon (database) and Cloudflare (edge hosting and related services) process account, billing, and usage metadata under our instructions.
Identity: Google and GitHub process sign-in when you choose those OAuth providers.
Analytics: Google Analytics on the public site. Email delivery for transactional and support mail uses our mail provider.
We share data with others only as needed to provide the service, with your direction, or as required by law.
- 05
Cookies & analytics
We use essential cookies for authentication and session security. On the marketing site in production we load Google Analytics to measure visits. You can block analytics cookies with your browser or extensions; the product dashboard will still work.
- 06
Retention
We keep account, billing, and usage metadata for as long as your account is active and as needed for billing, tax, security, and legal records. Request and response contents aren’t retained by us. Contact-form and support messages are kept as long as needed to handle your request.
- 07
Security
Traffic is encrypted in transit; account, balance, usage data, and encrypted provider credentials are encrypted at rest. Customer-facing keys are stored only as hashes. See our security page for more.
- 08
Your rights
You can access, correct, export, or delete your account data, and manage balance, top-ups, and auto-recharge from the dashboard or by emailing us. We’ll respond within a reasonable time. Some billing records may be retained where law requires.
- 09
International transfers
ObixHub and its providers may process data in the United States and other regions where Anthropic, OpenAI, Stripe, Cloudflare, Neon, Google, or GitHub operate. We rely on their contractual and technical safeguards, and on no-store or zero-data-retention options where available for model traffic.
- 10
Changes & contact
We’ll post material changes here and update the date above. Questions or requests: hi@obixhub.com.