Privacy Policy
Last updated: May 19, 2026
011. What we collect
Email address (account identifier), password (stored as a BCrypt hash), API key hashes (SHA-256), preferred currency and locale, login IP and timestamp, and per-request metadata: model id, token counts, latency, cost. We do not store request or response payloads by default.
022. How we use it
To operate the Service: authenticate you, route your requests, bill you, generate your usage dashboards, and prevent abuse. We do not sell your data and we do not use your prompts to train any model.
033. Third-party providers
When you call a model, your request payload is forwarded to the corresponding upstream provider (OpenAI, Anthropic, Google, etc.). Their privacy policies apply to that data. We do not retain payloads in our systems unless you explicitly enable request logging.
044. Cookies and local storage
We use localStorage to persist your session token, currency preference and language preference. We do not use third-party advertising cookies.
055. Data retention
Account records persist until you delete your account. Billing records are retained for 7 years for tax compliance. Per-request metadata is retained for 90 days unless your plan specifies otherwise.
066. Your rights
You may export your data, correct it, or request deletion at any time from Settings. EU/UK users have additional rights under GDPR; reach out and we will honor them.
077. Security
Account passwords use BCrypt (cost 10). Upstream API keys are encrypted with AES-256-GCM at rest. All traffic to and from Orux AI uses TLS 1.2+. Webhooks are signed with HMAC-SHA256.
088. Children
Orux AI is not intended for users under 13. We do not knowingly collect data from children.
099. Contact
Privacy questions: hello@orux.top.