Privacy Policy

Effective: January 15, 2026 · Last updated: March 1, 2026

AIRouter, Inc. ("we", "us") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data. It applies to all users of the AIRouter platform and API.

1. Data We Collect

Data Category	Examples	Stored	Purpose
Account data	Email address, user ID	Yes	Authentication, account management
API keys	Your AIRouter API key	Yes (hashed)	Request authentication
Provider credentials	Third-party API keys	Yes (encrypted)	Proxying requests to providers
Agent configuration	Name, model, system prompt	Yes	Agent functionality
Request metadata	Timestamps, token counts, agent ID	Yes (90 days)	Billing, usage analytics
Request/response content	Messages, completions	No	Passed through only, never stored
Technical data	IP address, user agent, country	Yes (30 days)	Security, rate limiting, abuse prevention

2. What We Don't Do

• We do not read, log, or store the content of your prompts or AI responses
• We do not use your data to train models
• We do not sell, rent, or share personal data with third parties for marketing purposes
• We do not use your provider API keys for any purpose other than fulfilling your requests
• We do not use tracking pixels, third-party analytics, or advertising cookies

3. How We Use Your Data

We use collected data exclusively for the following purposes:

• Service operation — routing requests, authenticating users, managing agents
• Billing — calculating usage-based fees and generating invoices
• Security — detecting abuse, enforcing rate limits, preventing unauthorized access
• Support — responding to your inquiries and debugging issues
• Improvement — aggregate, anonymized statistics to improve service performance

4. Data Security

We implement industry-standard security measures to protect your data:

• All data in transit is encrypted via TLS 1.3
• Provider API keys are encrypted at rest using AES-256
• Database access is restricted to application-level service accounts
• Infrastructure access requires SSH key authentication with MFA
• We conduct periodic security reviews of our codebase and infrastructure

5. Data Retention

Account data is retained for the lifetime of your account. Request metadata is retained for 90 days for billing purposes and then automatically deleted. Technical logs (IP addresses, access patterns) are retained for 30 days. Upon account deletion, all associated data is purged within 30 days.

6. Third-Party Processors

When you send requests through AIRouter, your message content is transmitted to the AI provider you selected (e.g., Anthropic, OpenAI). These providers process your data under their own privacy policies. We encourage you to review:

• Anthropic Privacy Policy
• OpenAI Privacy Policy
• xAI Privacy Policy
• Google Privacy Policy

Our infrastructure is hosted on third-party cloud providers. We select providers that maintain SOC 2 compliance and appropriate data protection standards.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your account and associated data
• Portability — receive your data in a structured, machine-readable format
• Objection — object to certain types of processing

To exercise these rights, contact us at privacy@airouter.us. We will respond within 30 days.

8. International Data Transfers

Our servers are located in the United States. If you access the Service from outside the US, your data may be transferred to and processed in the US. By using the Service, you consent to this transfer. We rely on Standard Contractual Clauses where required for transfers from the EEA/UK.

9. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 14 days before they take effect. The "last updated" date at the top of this page reflects the most recent revision.

11. Contact

For privacy-related inquiries, contact our data protection team:

AIRouter, Inc.
Attn: Privacy Team
Email: privacy@airouter.us