Privacy Policy

Your privacy is important to us. This policy explains how RouKey collects, uses, and protects your information.

Last Updated: June 25, 2025
Effective Date: June 25, 2025

1. Information We Collect

Account and Profile Information

When you register for RouKey, we collect information necessary to create and maintain your account:

  • Email Address: Primary identifier for your account, used for authentication, billing notifications, and important service communications
  • Display Name: Optional field for personalizing your dashboard experience
  • Authentication Credentials: Securely hashed passwords or OAuth tokens from third-party providers (Google, GitHub)
  • Account Preferences: Dashboard settings, notification preferences, timezone, and language selections
  • Profile Picture: Optional avatar image from OAuth providers or uploaded directly

Subscription and Billing Information

For paid subscriptions, we collect and process billing information through our secure payment processor:

  • Subscription Tier: Current plan level (Free, Starter, Professional, Enterprise)
  • Payment Information: Processed securely by Stripe (we never store full credit card numbers)
  • Billing Address: Required for tax calculation and compliance purposes
  • Transaction History: Records of payments, upgrades, downgrades, and cancellations
  • Tax Information: VAT numbers, tax exemption certificates where applicable

API Configuration and Usage Data

To provide our AI routing service, we collect configuration and usage information:

  • API Configurations: Your custom routing rules, model preferences, and fallback strategies
  • API Keys: Encrypted storage of your third-party AI provider API keys
  • Request Metadata: Timestamps, response times, status codes, and routing decisions (content is never stored)
  • Usage Analytics: Request volumes, model usage patterns, cost optimization metrics
  • Performance Metrics: Latency measurements, error rates, and service availability statistics
  • Custom Roles: Your defined AI agent roles and their associated prompts and configurations

Technical and Security Information

For security, performance optimization, and fraud prevention, we automatically collect:

  • IP Addresses: Used for rate limiting, geographic routing, and security monitoring
  • Device Information: Browser type, version, operating system, and device characteristics
  • Session Data: Authentication tokens, session duration, and activity timestamps
  • Security Logs: Failed login attempts, suspicious activity patterns, and access violations
  • Network Information: Connection quality, geographic location (country/region level), and ISP information
  • Application Logs: Error messages, debugging information, and system performance data

Information We Do NOT Collect

RouKey is designed with privacy by design. We explicitly do not collect:

  • AI Request Content: We never store, log, or analyze the actual content of your AI requests or responses
  • Personal Communications: Private messages, documents, or files processed through our service
  • Biometric Data: Fingerprints, facial recognition data, or other biometric identifiers
  • Location Tracking: Precise GPS coordinates or detailed location history
  • Third-Party Account Data: Information from your social media or other external accounts beyond basic OAuth profile data

2. How We Use Your Information

Core Service Delivery

We use your information primarily to provide and maintain our AI routing platform:

  • Intelligent Routing: Analyze request patterns to route your API calls to the most appropriate AI models
  • Authentication & Security: Verify your identity and protect your account from unauthorized access
  • Configuration Management: Store and apply your custom routing rules, API keys, and preferences
  • Performance Optimization: Monitor response times and automatically optimize routing decisions
  • Error Handling: Implement intelligent fallback strategies when primary models are unavailable
  • Usage Tracking: Provide accurate analytics and billing based on your API consumption

Account and Billing Management

For subscription and payment processing, we use your information to:

  • Payment Processing: Handle subscription payments, upgrades, and billing through our secure payment processor
  • Subscription Management: Manage your plan level, feature access, and usage limits
  • Tax Compliance: Calculate and collect applicable taxes based on your billing address
  • Invoice Generation: Create and deliver billing statements and payment receipts
  • Refund Processing: Handle refund requests and payment disputes when applicable
  • Fraud Prevention: Detect and prevent fraudulent transactions and account abuse

Service Improvement and Analytics

To continuously improve our platform, we analyze aggregated and anonymized data:

  • Performance Analytics: Identify bottlenecks and optimize system performance across our infrastructure
  • Usage Pattern Analysis: Understand how features are used to prioritize development efforts
  • Model Performance Tracking: Monitor AI model availability, response times, and quality metrics
  • Cost Optimization: Develop better routing algorithms to reduce costs for our users
  • Feature Development: Use aggregated usage data to design new features and improvements
  • Capacity Planning: Forecast infrastructure needs based on usage trends

Communication and Support

We use your contact information to provide essential communications:

  • Service Notifications: Alert you about system maintenance, outages, or critical security updates
  • Account Security: Notify you of suspicious login attempts or security-related events
  • Billing Communications: Send payment confirmations, billing reminders, and subscription updates
  • Customer Support: Respond to your support requests and provide technical assistance
  • Product Updates: Share information about new features, improvements, and platform updates (with opt-out option)
  • Legal Notices: Communicate changes to our terms of service, privacy policy, or other legal requirements

3. Data Protection and Security

🔒 Your AI Content is Private

RouKey does not store, log, or access the content of your AI requests and responses. We only process routing metadata and performance metrics.

Security Measures

  • End-to-end encryption for all API communications
  • Secure storage of API keys with industry-standard encryption
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Monitoring for suspicious activity and abuse

Data Retention

  • Account data: Retained while your account is active
  • Usage analytics: Aggregated data retained for 24 months
  • Error logs: Retained for 90 days for debugging purposes
  • Payment records: Retained as required by law (typically 7 years)

4. Information Sharing

🚫 We Do Not Sell Your Data

RouKey never sells, rents, or trades your personal information to third parties for marketing purposes.

Limited Sharing

We may share information only in these specific circumstances:

  • Service Providers: Stripe for payment processing, Supabase for data storage
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfer: In case of merger, acquisition, or sale of assets
  • Consent: When you explicitly authorize sharing

5. Your Rights and Choices

Data Access and Control

  • Access: View and download your account data
  • Correction: Update or correct your information
  • Deletion: Request deletion of your account and data
  • Portability: Export your data in a standard format
  • Opt-out: Unsubscribe from marketing communications

Cookie Management

You can control cookies through your browser settings:

  • Block or delete cookies
  • Set preferences for specific websites
  • Receive notifications when cookies are set

6. International Data Transfers

RouKey operates globally and may transfer your data to countries outside your residence. We ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by regulatory authorities
  • Adequacy decisions for countries with equivalent protection
  • Certification schemes and codes of conduct

7. Children's Privacy

RouKey is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by:

  • Email notification to your registered address
  • Prominent notice on our website
  • In-app notifications for material changes

Continued use of RouKey after changes become effective constitutes acceptance of the updated policy.

9. Contact Information

For questions about this Privacy Policy or to exercise your rights, contact us:

We will respond to your inquiry within 30 days of receipt.

🔒 Key Highlights

  • • Zero AI content storage
  • • End-to-end encryption
  • • GDPR & CCPA compliant
  • • Full data control

📞 Need Help?

Have questions about our privacy practices?

contact@roukey.online