Privacy Policy
Last updated: March 2026
LLM AI Router ("we", "our", or "the Service") is a cloud-hosted AI routing service that connects your coding tools to multiple AI providers through a single endpoint. This Privacy Policy explains how we collect, use, and protect your information.
Information We Collect
Account Information
When you create an account, we collect your email address and authentication credentials. If you sign up via OAuth (Google, GitHub), we receive your basic profile information from those services.
API Keys
You provide your AI provider API keys (OpenAI, Anthropic, Google, etc.) to enable routing. These keys are encrypted with AES-256-GCM before storage and are never stored in plaintext.
Usage Metrics
We collect anonymized usage data including: request counts, token usage, provider selection, error rates, and latency metrics. This data is used for analytics, billing, and service improvement.
How API Keys Are Stored
Security is our top priority. All API keys are encrypted using industry-standard AES-256-GCM authenticated encryption before being stored in our database.
- •Keys are encrypted with AES-256-GCM before storage
- •The database only stores ciphertext, IV, and authentication tag
- •Plaintext keys are never stored
- •Decryption only occurs momentarily in server memory when proxying requests
- •The encryption key is stored only as a server environment variable
What We Don't Store
We are committed to your privacy. The following data is never stored by LLM AI Router:
- •Conversation content — Your prompts and messages are proxied in real-time and never logged or stored
- •AI responses — Model outputs are streamed directly to you without retention
- •Plaintext API keys — Only encrypted ciphertext is stored
Usage Data and Analytics
We collect anonymized usage metrics to provide you with analytics and to improve our service:
- •Request counts per provider and stack
- •Token usage (prompt tokens, completion tokens)
- •Error rates and response latency
- •Provider health and circuit breaker status
Note: We track metadata only — no conversation content, prompts, or AI responses are included in analytics.
Cookies and Session Data
We use essential cookies to maintain your authenticated session and remember your preferences. We do not use third-party tracking cookies or advertising cookies. Session data is encrypted and expires after a reasonable period of inactivity.
Data Retention and Deletion
We retain your account data and usage metrics for as long as your account is active. You can request deletion of your account and all associated data at any time by contacting us.
Upon account deletion:
- •All encrypted API keys are permanently deleted
- •Stack configurations are removed
- •Usage history is anonymized or deleted
Third-Party Services
LLM AI Router integrates with the following third-party services:
- •AI Providers — Your requests are forwarded to the AI providers you configure (OpenAI, Anthropic, Google, DeepSeek, etc.). Each provider has their own privacy policy.
- •SendGrid — We use SendGrid for transactional emails (account verification, password reset). Only your email address is shared with SendGrid.
- •Authentication Providers — If you use OAuth sign-in (Google, GitHub), those services may receive information about your authentication requests.
Your Rights
You have the right to access, correct, or delete your personal information. You may also request a copy of your data or ask us to restrict processing. To exercise these rights, contact us at the email below.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at: [email protected]