Privacy Policy

Effective: 2026-04-15

1. What we collect

  • Account data: email, name, password hash.
  • API usage: request/response metadata (slug, method, status, latency, credits), not payloads.
  • Agent interactions (MCP): tool calls, input/output summaries. Used for fine-tuning improvement.
  • Payment: handled by Stripe. We receive only last-4 digits + payment method type.

2. What we do NOT collect

  • Raw request/response bodies (unless explicitly opted in).
  • BYOK provider keys in plaintext (encrypted at rest with AES-256-GCM).
  • Third-party cookies. No tracking across other sites.

3. How we use data

  • Proxy API calls to upstream providers.
  • Generate usage analytics, billing, SLA reports.
  • Improve the apitree platform (aggregated, anonymized metrics only).

4. Data retention

  • Account: until deleted by user.
  • Usage logs: 180 days rolling window.
  • Audit logs: 2 years (regulatory requirement).

5. Your rights

  • Access: Request a copy of your data via [email protected]
  • Delete: Account deletion removes all personal data within 30 days.
  • Export: Dashboard → Usage export (CSV/JSONL/NDJSON).

6. Contact

Privacy questions: [email protected]
Data Protection Officer (DPO): [email protected]