Privacy Policy

Account information. When you sign in with Google, we receive and store your email address, name, and profile picture URL from your Google account, along with a stable Google account identifier used to recognize you on return visits.

Node information.Agents running on your hardware report the hardware specifications of each node — platform, architecture, CPU model and core count, RAM, and GPU name(s) and VRAM — along with the node name you choose, the model it is serving, its current tunnel URL, and connectivity and health status derived from heartbeats.

Request metadata.For each request routed through the gateway we record metadata only: which tier served it (cache, your local node, or cloud), the node or cloud provider used, the model name, prompt and completion token counts, latency, HTTP status code, any error code, and — for credit-billed cloud requests — the cost charged. We do notstore the text of your prompts or the model’s responses in our request logs.

Billing records. We store your Stripe customer identifier and an append-only ledger of credit top-ups and usage charges (amounts, descriptions, and the related Stripe event identifiers).

Operational telemetry. To keep the site reliable we record limited client-side error and page-not-found events (such as error type and message, the page URL, and coarse device, browser, and country information). This telemetry is not used to identify you.

If you enable response caching (a per-account setting), the gateway stores the responses to your requests in Cloudflare KV so that an identical, repeated request can be served instantly without touching a GPU. Cache entries are keyed so that they are scoped to your account alone — two users never share cache entries — and are stored within Cloudflare’s infrastructure, which encrypts data at rest.

Each entry expires automatically after a time-to-live you control (default 24 hours). You can change the TTL or disable caching entirely at any time in your settings; when caching is disabled, no response content is stored.

We use the data above to:

• authenticate you and operate your account;
• route requests to your nodes and, where configured, to cloud failover;
• serve cached responses when you have caching enabled;
• show you analytics on usage, latency, and the local-versus-cloud split;
• meter and bill prepaid credit usage through Stripe;
• secure the Service, prevent abuse, and diagnose errors.

We rely on the following providers to deliver the Service. Your data is handled by them only as needed to operate it:

• Cloudflare — hosting (Workers), database (D1), and the response cache (KV).
• Google — OAuth sign-in and the account profile data described above.
• Stripe — payment processing. Card details are entered with and handled by Stripe; we store only your Stripe customer ID and a transaction ledger, never card numbers.
• OpenRouter — a fallback provider for credit-billed cloud failover, reached through Cloudflare AI Gateway. Requests served this way are governed by OpenRouter's own policies.

When a request is served by platform cloud failover billed to your credits, prompt content is sent to the relevant model provider solely to generate the response; we do not retain that content.

We use a single session cookie to keep you signed in. We do not use advertising or third-party tracking cookies. Clearing the cookie signs you out.

We keep account, node, request-metadata, and billing-ledger data for as long as your account is active, and as needed afterward to comply with legal, accounting, or security obligations. Cached responses are retained only until their TTL expires. Operational telemetry is retained for a limited period for reliability and security purposes. When you delete your account, associated records are removed or anonymized except where we are required to retain them.

You can access and update most of your information from your dashboard. Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, or to request deletion of your account and data, contact us at sean@inventivehq.com. We will respond within the time required by applicable law.

The Service is not directed to children and is not intended for use by anyone under the age at which they can provide consent under applicable law. We do not knowingly collect data from children.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above. Your continued use of the Service after changes take effect constitutes acceptance of the revised Policy.

Questions about this Policy or your data? Contact us at sean@inventivehq.com.