Privacy Policy
Last updated: July 14, 2026. This policy explains what data AIRouter collects, why we collect it, and the choices you have. The short version: we run with zero data retention on your AI traffic by default, and we never train on your data.
1. Data we collect
Account data. When you sign up we collect your name, email address, and organization name. Payment details (card number, billing country) are collected and stored by our merchant of record, Freemius — we never see or store your full payment details.
API traffic. By default we operate with zero data retention: the prompts you send and the completions you receive are processed in memory to route your request and are not stored on our servers. You can optionally enable request logging in your dashboard for debugging; logged requests are stored encrypted and can be deleted by you at any time.
Usage metadata. We store non-content metadata about each request — timestamp, model name, token counts, latency, and status code — to power your analytics dashboard and to operate the routing engine.
Website data. Our website uses privacy-friendly, cookieless analytics to measure aggregate traffic. We do not run third-party advertising trackers.
2. How we use data
- to provide, secure, and improve the Service;
- to route your requests to the providers you select;
- to bill your subscription and prevent fraud and abuse;
- to communicate with you about your account, security, and material changes to the Service;
- to comply with legal obligations.
We do not sell your personal data, and we do not use your prompts or completions to train any model — ours or anyone else's.
3. Sharing with model providers
To fulfill a request, the content of that request is transmitted to the AI provider serving the model you selected (for example Anthropic, OpenAI, or Google). We only route to provider endpoints that contractually commit to not training on API traffic, and we honor provider-level data-handling flags you configure — for example, restricting your traffic to zero-retention endpoints or specific regions.
4. Other processors
We use a small number of vetted subprocessors to run the business: Freemius (payments and licensing), our cloud infrastructure providers (hosting), and our email provider (transactional email). Each processes only the data required for its function under a data processing agreement.
5. Data retention
Account and billing data is kept for as long as you have an account, plus the period required by tax and accounting law. Usage metadata is retained for 13 months and then aggregated or deleted. Optional request logs are retained until you delete them or for a maximum of 30 days, whichever comes first. Prompt and completion content is not retained at all unless you explicitly enable logging.
6. Security
All traffic is encrypted in transit with TLS 1.3, and stored data is encrypted at rest. Access to production systems is limited to a small set of engineers under audit logging and hardware-key authentication. We maintain SOC 2 Type II certification and run an ongoing vulnerability disclosure program — reports are welcome at security@airouter.fyi.
7. Your rights
Depending on where you live (including under the GDPR and CCPA), you may have the right to access, correct, export, restrict, or delete your personal data, and to object to certain processing. You can exercise most of these directly from your dashboard; for anything else, email privacy@airouter.fyi and we will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
8. International transfers
Requests are processed in the region closest to you where possible. Where data crosses borders, we rely on appropriate safeguards such as the EU Standard Contractual Clauses. Enterprise customers can pin traffic to specific regions.
9. Children
The Service is not directed at children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will delete it.
10. Changes to this policy
We may update this policy as the Service evolves. For material changes we will notify you by email or in-app notice before they take effect. The "last updated" date at the top always reflects the current version.
11. Contact
Privacy questions or requests: privacy@airouter.fyi, or use our contact page.