Privacy Policy

Last updated: February 14, 2026

This Privacy Policy describes how RoutePlex ("we," "us," or "our") collects, uses, and shares information about you when you use our website, API services, and other online products and services (collectively, the "Services").

Information We Collect

Information You Provide

  • Account Information: When you create an account, we collect your email address, name, and password.
  • Payment Information: When you add a payment method, our payment processor (Stripe) collects your payment card details. We do not store full card numbers.
  • API Usage: We log API requests including timestamps, endpoints called, token counts, and model selections for billing and analytics.

Information We Collect Automatically

  • Usage Data: We collect information about how you interact with our Services, including pages visited, features used, and actions taken.
  • Device Information: We collect device identifiers, browser type, operating system, and IP address.
  • IP Addresses: IP addresses are used for security, fraud prevention, and rate limiting.
  • Cookies: We use cookies and similar technologies to maintain sessions and remember preferences.

Cookies

Cookies we use include:

  • Authentication cookies (HTTP-only) to maintain secure sessions
  • Preference cookies to remember user settings such as theme

We do not use advertising cookies or third-party tracking cookies at this time.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Services
  • Process transactions and send related information
  • Send technical notices, updates, and support messages
  • Respond to your comments and questions
  • Monitor and analyze trends, usage, and activities
  • Detect, prevent, and address fraud and abuse
  • Comply with legal obligations

Legal Basis for Processing

Where required by law, RoutePlex processes personal data based on:

  • Performance of a contract: Providing the Services you requested
  • Legitimate interests: Security, fraud prevention, and analytics
  • Legal obligations: Billing and compliance requirements
  • Your consent: Where applicable

Zero Data Storage

RoutePlex is a fully stateless API gateway. We want to be clear about what this means:

  • We do NOT store your prompts or responses. The content of your messages, model completions, web search queries, fetched URLs, and any data flowing through our API is processed entirely in-memory and immediately discarded. Nothing is written to disk, logged, or retained.
  • We do NOT access or store your customers' data. If you build products on top of RoutePlex, the data your end-users send through your integration is never stored, inspected, or retained by us. We have zero visibility into your customers' information.
  • Content moderation is stateless. Every request passes through automated content moderation checks (pattern detection, AI moderation, URL validation) in real-time. These checks happen in-memory per request and the content is discarded immediately afterward — we do not log, review, or store what was checked. Think of it like a security scanner at an airport: it inspects but does not record.

What We Do Retain

  • Blocked request hashes only: When a request is blocked by content moderation, we store only a one-way SHA-256 hash (not the original text) for trend analysis and abuse prevention.
  • Request metadata: Timestamps, token counts, costs, and model used — retained for 90 days for billing and analytics. This metadata contains no message content.
  • Billing records: Retained for 7 years as required by law.

Account Data

We retain your account information for as long as your account is active. Upon verified deletion requests, we delete account data within 30 days, subject to legal retention requirements.

Information Sharing

We do not sell your personal information. We may share information:

  • With Service Providers: We share information with vendors who help us provide the Services (e.g., Stripe for payments, cloud providers for hosting).
  • With AI Providers: When you make an API request, request data may be transmitted to third-party AI providers solely for the purpose of generating a response. These providers process data in accordance with their own privacy policies.
  • For Legal Reasons: We may disclose information if required by law or to protect rights, safety, or property.
  • With Your Consent: We may share information with your consent or at your direction.

Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.3)
  • Encryption at rest (AES-256)
  • Regular security audits
  • Access controls and authentication
  • Monitoring and alerting

Your Rights

Depending on your location, you may have rights to:

  • Access your personal information
  • Correct inaccurate data
  • Delete your data
  • Export your data
  • Opt out of certain processing

To exercise these rights, contact us at support@routeplex.com.

International Transfers

RoutePlex operates globally and processes data in the cloud. Your information may be transferred to and processed in jurisdictions where our service providers operate. We ensure appropriate safeguards are in place for international data transfers.

Children's Privacy

Our Services are not directed to children under 13. We do not knowingly collect information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy, please contact us at:

  • Email: support@routeplex.com