CodyRouter — Privacy Policy
Last Updated: May 25, 2026
This Privacy Policy explains what personal information CodyRouter ("we," "us," or "our") collects when you access or use the CodyRouter website, applications, APIs, developer tools, and related services (collectively, the "Services"), how we use and share that information, how long we keep it, and the choices and rights available to you.
This Privacy Policy should be read together with our Terms of Service and Usage Policy. Capitalized terms used but not defined here have the meaning given to them in the Terms of Service.
Table of Contents
- Information We Collect
- Inputs, Outputs, and User Content
- How We Use Information
- How We Share Information
- Cookies and Similar Technologies
- Data Retention
- Data Security
- Cross-Border Data Processing
- Your Choices and Rights
- Third-Party Links and Services
- Minors
- Changes to this Policy
- Contact Us
1. Information We Collect
We collect the following categories of information:
Account Information. Name, email address, login method, account identifier, display name or handle, account preferences, and authentication status.
Billing and Transaction Information. Subscription or plan selection, order records, invoice information, payment status, refund records, tax-related information, and transaction identifiers returned by payment processors. Your full payment card number, bank account number, or other complete payment credentials are processed by third-party payment processors and are not stored by us.
Terms Consent Records. Whether you have accepted the Terms of Service, the Privacy Policy, and the Usage Policy; the version of each policy you accepted; the time of acceptance; your confirmation of eligibility under Section 2 of the Terms of Service; and audit information related to consent actions.
Usage and Credit Metadata. Feature or model selection, API key identifiers (not the secret values), request timestamps, request status codes, Credit consumption, balance changes, applicable plan entitlements, rate-limit status, error codes, latency metrics, token counts, and service-quality indicators.
Technical and Device Data. IP address, IP-inferred approximate location, User-Agent string, browser type, device information, operating system, referrer page, access time, session identifier, and data generated by cookies and similar technologies.
Risk-Management and Security Logs. Suspicious logins, anomalous API calls, suspected abuse, payment risk, chargeback risk, API key compromise risk, eligibility risk (including indicators of access from a Restricted Territory or by a Restricted Person), and incident-related logs.
Support and Communications Materials. Text, screenshots, files, request examples, output examples, and communication records that you voluntarily submit when contacting support, filing a billing dispute, requesting a refund, submitting feedback, or troubleshooting an issue.
2. Inputs, Outputs, and User Content
2.1 We Do Not Log the Content of Your Inputs or Outputs. When you submit a request through the Services, your Input is forwarded to the relevant Approved Provider, and the corresponding Output is returned to you. We do not log, store, archive, or otherwise persistently retain the content of your Inputs or Outputs in the ordinary course of operating the Services.
2.2 We Do Not Train on Your Content. We do not use, and will not use, the content of your Inputs or Outputs to train, fine-tune, distill, evaluate, benchmark, align, or otherwise develop or improve any artificial-intelligence model, whether ours or any third party's. We do not sell, license, or otherwise make the content of your Inputs or Outputs available to any third party for training purposes.
2.3 What We Do Process. To operate the routing function of the Services, your Inputs are processed transiently in memory for the duration required to forward them to the relevant Approved Provider and return the Output to you. We retain operational metadata only — such as request timestamps, model identifiers, token counts, latency, error codes, and billing-related data — but not the content of Inputs or Outputs themselves.
2.4 Narrow Exceptions. We may briefly access, capture, or retain the content of Inputs or Outputs only under the limited circumstances described in Section 5.5(d) of the Terms of Service, namely: (a) to comply with binding legal process or Applicable Laws; (b) to investigate, prevent, or respond to a specific, identified incident of suspected fraud, abuse, security threat, or violation of our Usage Policy; or (c) to honor your explicit, in-product opt-in to a feature that requires retention (for example, a debugging, replay, or audit feature you affirmatively enable for your own account). Any such access or retention is limited to the minimum scope and duration strictly necessary, and the relevant data is deleted once the underlying purpose has been satisfied.
2.5 If You Submit Content to Support. If you voluntarily share Inputs, Outputs, screenshots, request examples, or other content with us through a support ticket, email, billing dispute, or feedback channel, we may retain and use those materials to provide support, troubleshoot the issue, address the dispute, and prevent abuse. Do not share through these channels any content you do not want us to retain.
2.6 Approved Providers Are Separate. The commitments in this Section 2 apply only to CodyRouter. When your Input is routed to an Approved Provider, the Approved Provider independently processes that Input under its own privacy policy, data-handling terms, and Acceptable Use Policy, which may permit logging, retention, training, or other uses by the Approved Provider that are outside our control. It is your responsibility to review each Approved Provider's data-handling terms before submitting an Input.
3. How We Use Information
We use the information described in Section 1 for the following purposes:
- to provide, operate, and maintain the Services;
- to create and manage your account;
- to process payments, issue invoices, manage Credit balances, process refunds (where applicable), and handle billing disputes;
- to record consent to these Terms, the Privacy Policy, and the Usage Policy, and to determine whether re-confirmation is required;
- to calculate Credit consumption, enforce rate limits, display entitlements, and route API requests to Approved Providers;
- to monitor service quality, diagnose issues, improve the Services, and maintain system stability;
- to identify, prevent, and respond to fraud, abuse, attacks, chargebacks, credential compromise, anomalous activity, and security risks;
- to assess eligibility under Section 2 of the Terms of Service (including indicators of access from a Restricted Territory or by a Restricted Person), payment availability, upstream-service restrictions, and other compliance requirements;
- to respond to support requests, send service notices, process user requests, and meet legal obligations; and
- to enforce the Terms of Service, this Privacy Policy, and the Usage Policy.
4. How We Share Information
We do not sell your personal information. We share information only as necessary for the purposes described below:
Payment Processors. To process purchases of Credits, refunds (where applicable), invoices, chargebacks, and anti-fraud checks.
Cloud, Database, Email, and Support Vendors. To host the Services, store operational data, send notices, process support tickets, and provide customer service.
Risk-Management, Security, and Analytics Vendors. To monitor service quality, prevent abuse, detect security incidents, and improve the product experience.
Approved Providers. When your request requires the use of an AI model, inference, code-processing, agent, or related capability operated by a third party, your Input is transmitted to the relevant Approved Provider for processing. The Approved Provider handles your Input under its own terms.
Professional Advisors, Authorities, and Other Necessary Parties. Where required by law, legal process, dispute handling, or to protect the rights, safety, or legitimate interests of CodyRouter, our users, our Approved Providers, or third parties.
5. Cookies and Similar Technologies
We use cookies and similar technologies to maintain login sessions, remember preferences, analyze usage patterns, and support core site functionality. You may manage cookies through your browser, but disabling them may affect the availability of certain features.
6. Data Retention
We retain information for the period reasonably necessary to provide the Services, maintain business records, resolve disputes, prevent fraud, maintain security, enforce our policies, and meet tax, accounting, or other legal obligations. Different categories of data — accounts, orders, invoices, consent records, refund records, risk-management logs, and security logs — may be subject to different retention periods. The content of Inputs and Outputs is not retained in the ordinary course, as described in Section 2.
When data is no longer needed, we delete, anonymize, or otherwise restrict access to it in accordance with our internal procedures.
7. Data Security
We use commercially reasonable administrative, technical, and organizational measures to protect personal information. However, no method of transmission or storage is completely secure. You are also responsible for safeguarding your account, password, login sessions, and API keys, and for promptly notifying us of any suspected compromise or unauthorized use.
8. Cross-Border Data Processing
The Services are operated on a global basis. To provide the Services, your information may be accessed, stored, or processed in jurisdictions other than the one in which you reside, including by our third-party service providers, Approved Providers, cloud hosting providers, and payment processors located in various jurisdictions. Data-protection rules in those jurisdictions may differ from those of your home jurisdiction. By using the Services, you understand and agree to the cross-border processing necessary to provide the Services.
9. Your Choices and Rights
Depending on the laws of the jurisdiction in which you reside, you may have certain rights with respect to your personal information, including the right to access, correct, delete, export, or restrict the processing of certain personal information, and to close your account.
To exercise these rights, please email us at [privacy@codyrouter.com]. We may need to verify your identity, and we may decline requests that are manifestly unfounded, repetitive, would adversely affect the rights of others, would interfere with an ongoing security investigation, or where we are legally required or permitted to continue retaining the data.
Because we do not retain the content of Inputs or Outputs (see Section 2), we are not able to fulfill access, export, deletion, or correction requests with respect to that content. If you wish to exercise rights with respect to Input or Output content that may have been processed or retained by an Approved Provider, you must contact the relevant Approved Provider directly.
10. Third-Party Links and Services
The Services may contain links to or integrations with third-party websites, payment pages, AI model providers, support tools, and other services. The privacy practices of those third parties are governed by their own policies. We recommend that you review the privacy policies and terms of any third-party service before using it.
11. Minors
The Services are intended for users who have the legal capacity to enter into a binding contract. The Services are not directed to, and we do not knowingly collect personal information from, individuals under the age of eighteen (18) (or the age of majority in their jurisdiction, whichever is greater). If you believe that a minor has provided personal information to us, please contact us using the details below and we will take appropriate steps to address the issue.
12. Changes to this Policy
We may update this Privacy Policy from time to time. Updates become effective on the date posted at the top of this page, or on such later date as we may specify. If we make material changes, we will post the updated version on this page and update the "Last Updated" date accordingly. For material changes that affect the categories of data we collect, the purposes for which we use data, or the parties with whom we share data, we may require you to re-confirm your acceptance before continuing to use the Services.
13. Contact Us
- Privacy email: [privacy@codyrouter.com]
- Support: [support@codyrouter.com]
- Legal notices: [legal@codyrouter.com]
For legal notices, please contact us by email first.