Legal

Privacy Policy

Last updated: 19 March 2026

1. Introduction

Cailos ("we", "us", "our") operates an AI gateway that routes LLM requests across multiple providers. This Privacy Policy explains how we collect, use, and protect information when you use our service.

2. Data We Collect

2.1 Account Data

When you register, we collect your username, email address, and timezone. Passwords are hashed with Argon2 and never stored in plaintext.

2.2 API Request Metadata

For each API request routed through Cailos, we log: timestamp, API key used (hashed), provider routed to, model selected, token counts (input/output), latency, estimated cost, and request status (success/error/timeout). We do not store the content of your prompts or model responses.

2.3 PII Shielding

All requests are processed through LLMShield before being sent to upstream providers. PII (personally identifiable information) is detected and cloaked in transit, then uncloaked in the response. This means upstream providers never see raw PII in your prompts.

3. How We Use Data

Route requests to the optimal LLM provider based on your configuration
Enforce rate limits and usage quotas per team and tier
Monitor endpoint health and performance (latency, throughput, availability)
Run periodic capability evaluations on LLM endpoints
Generate usage analytics visible on your team dashboard
Bill based on estimated cost of routed requests

4. Subprocessors

We route your requests to third-party LLM providers ("subprocessors"). Each provider processes the content of your requests according to their own privacy policies. See our Subprocessors page for the full list.

5. Data Retention

Request logs: Retained indefinitely for billing and audit. Contains metadata only, not content.
Health check logs: Pruned after 90 days.
Eval results: Pruned after 180 days.
Account data: Retained while your account is active. Deleted upon request.

6. Data Security

Provider API keys are Fernet-encrypted at rest, derived from a master secret key via HKDF
User API keys are Argon2-hashed — only the prefix is stored in plaintext
All connections use HTTPS/TLS in production
HSTS, secure cookies, and CSRF protection are enabled
PII is cloaked before reaching any third-party provider

7. Your Rights

You may request access to, correction of, or deletion of your personal data by contacting us. If you are in the EU/UK, you have rights under GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority.

8. Contact

For privacy-related inquiries: [email protected]

Home Terms Subprocessors