Privacy Policy
Effective Date: May 17, 2026
1. What We Collect
We collect the following data to operate the Service:
- Account email: used for login, notifications, and password reset only.
- API usage logs: request content (including prompts), model used, token consumption, timestamps, and response status. Stored in server log files with rotation (latest 3 files retained).
- Billing information: payment records processed by Stripe or Creem; we do not store your payment card details.
Important: API request logs may contain the full prompt text you submit.
Do not send sensitive personal information, passwords, or confidential data through the API.
2. How We Use Your Data
- To authenticate your account and enforce rate limits
- To calculate billing and token usage
- To debug service issues and prevent abuse
- To send service-related emails (payment confirmations, security alerts)
We do not use your data for advertising, profiling, or training models.
3. Data Sharing
We do not sell or rent your personal data. Data is shared only with:
- Upstream model providers (DeepSeek, Alibaba Qwen, Zhipu GLM, Moonshot Kimi, OpenRouter): receive the full API request (including prompt) to generate responses.
- Payment processors (Stripe, Creem): receive payment information necessary to process transactions.
- Legal compliance: if required by valid legal process, we may disclose limited information.
4. Data Storage & Retention
| Data Type |
Retention |
| API usage logs (logs.jsonl) |
File rotation (latest 3 files retained; older files deleted automatically) |
| Account email |
Until account deletion |
| Payment records |
As required by payment processor retention policies |
You may request deletion of your account and associated data at any time by contacting us.
5. Cross-Border Data Transfer
Your data is processed as follows:
- API requests are received by our server located in Hong Kong.
- Requests are then forwarded to upstream model providers (servers may be located in Mainland China or other regions).
- If you are in the European Economic Area (EEA), your data is transferred outside the EEA. We rely on contractual clauses and the necessity of service provision to lawfuly transfer your data.
6. Cookies
We use only essential cookies for session management (JWT token). We do not use analytics cookies, advertising trackers, or third-party tracking scripts.
When you first visit our site, a cookie consent banner will appear. You may accept or dismiss it. Essential cookies are still set regardless of consent, as they are necessary for the Service to function.
7. Your Rights (GDPR / CCPA)
Depending on your jurisdiction, you may have the following rights:
- Access: request a copy of your data
- Deletion: request deletion of your account and associated data
- Correction: update your email address via the dashboard
- Objection: object to processing of your data (note: this may prevent us from providing the Service)
To exercise these rights, contact us at support@aibridge-api.com.
For GDPR purposes, our Data Protection Officer can be reached at the same email address.
8. Security
We implement reasonable security measures to protect your data, including:
- HTTPS encryption for all API communications
- JWT token-based authentication for user sessions
- Rate limiting to prevent abuse
- Regular security updates to our server software
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
9. Children's Privacy
The Service is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the Service constitutes acceptance of the updated Policy.