Privacy Policy

Effective Date: April 26, 2026
Last Updated: April 26, 2026

This Privacy Policy describes how LLM Gateway (“we”, “our”, or “us”) collects, uses, and protects information when you use DevPass, our flat-rate subscription for AI coding tools, available at code.llmgateway.io.

1. Information We Collect

a. Account Information

When you sign up, we collect your name, email address, and authentication credentials. For paid plans, we also collect billing details (company name, country, payment method) processed securely through Stripe.

b. Usage and Request Data

We log technical metadata for every request routed through DevPass, including:

Request and response timestamps, latency, finish reasons, and HTTP status codes
Token counts (prompt, completion, cached, reasoning) and computed cost
The model and provider used, the routing tier, and the source coding tool (Claude Code, Cursor, Cline, OpenCode, Codex, Autohand, etc.)
IP address, user agent, and approximate region

Whether full request and response payloads (your prompts and the model output) are stored depends on your DevPass retention settings:

Retain all data — payloads and metadata are stored and visible in the dashboard
Metadata only — only counts, costs, and routing info are kept; prompts and responses are discarded after the request completes

c. Cookies and Local Storage

We use first-party cookies and local storage to keep you signed in, remember your UI preferences, and operate basic product analytics (PostHog). Browser-level Do Not Track signals are not currently a supported opt-out mechanism. To opt out of analytics, contact us at contact@llmgateway.io; we are working on a self-serve in-app toggle.

2. How We Use Information

To operate, secure, and improve the DevPass service
To meter usage, enforce plan allowances, and process billing
To power dashboards (per-agent costs, sessions, and usage trends)
To detect abuse, fraud, and policy violations
To send transactional emails (receipts, plan changes) and, with consent, occasional product updates

We do not sell your personal data, and we do not use your prompts or completions to train any model of ours.

3. Sharing With AI Providers

When you make a request, your prompt is forwarded to the AI provider you selected (e.g., Anthropic, OpenAI, Google, Mistral, DeepSeek). Each provider applies its own privacy and data-retention policy to that traffic. We pass through provider-side opt-outs where supported (for example, “no training” flags). You are responsible for reviewing the privacy policies of any provider you use.

4. Sub-processors

We rely on a small set of vetted sub-processors:

Stripe — billing and subscription management
PostgreSQL / Redis hosting — application data and caching
PostHog — product analytics
Email delivery providers — transactional email
AI providers, as listed in the DevPass model catalog

Each sub-processor is bound by contractual data-protection obligations.

5. Data Retention

Account and billing data — kept for the life of your account, plus a reasonable period afterward to meet legal, tax, and accounting obligations
Request metadata — kept for the life of your active DevPass subscription according to your retention setting (default: retained on Lite, Pro, and Max)
Request payloads — only stored if you opt in; you can purge them at any time from settings
Logs and audit trails — kept for security and integrity for up to 12 months

6. Security

We use TLS in transit, encrypted database storage at rest, scoped API keys, and isolated per-organization data access controls. No system is perfectly secure — please report suspected vulnerabilities to contact@llmgateway.io.

7. Your Rights

Depending on your jurisdiction (GDPR, UK GDPR, CCPA, and others), you may have the right to:

Access, correct, or delete your personal data
Export a copy of your data
Object to or restrict certain processing
Withdraw consent for marketing communications

To exercise these rights, email contact@llmgateway.io from the address associated with your account.

8. International Transfers

DevPass is operated from the United States; AI providers we route to may be located in the US, EU, or other regions. Where required, we rely on Standard Contractual Clauses or equivalent mechanisms for cross-border transfers.

9. Children’s Privacy

DevPass is not intended for children under 16 (or the local age of digital consent). We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Policy from time to time. The latest version is always available at code.llmgateway.io/legal/privacy. Material changes will be communicated by email or in-app notice.

11. Contact

Questions about this Policy? Email contact@llmgateway.io.