OpusGate
Sign inStart

Privacy Policy

Last updated: 2026-05-22

1. Who we are

OpusGate ("we", "us") operates an API gateway that proxies requests to third-party large language model providers. This policy describes what data we collect, why, and how long we keep it.

2. Data we collect

Account data: email address and a salted hash of your password. We never store your password in plaintext.

Billing metadata: for each API request we record model identifier, input and output token counts, computed cost, and a timestamp. This is what we use to bill you and to detect abuse.

Payment data: top-up amounts and payment-processor transaction IDs. Card details are handled by our payment processor and never reach our servers.

Technical data: IP address and user-agent of API calls and dashboard sessions, kept for fraud and abuse prevention.

3. What we do NOT store

Prompt and completion bodies are not retained on OpusGate servers. They pass through our gateway in memory only and are discarded once the upstream response has been streamed back to you.

We do not train any model on your data, and we do not sell or share your prompts with third parties.

4. Upstream providers

When you call a model, your request is forwarded to the upstream provider (Anthropic, OpenAI, Google, DeepSeek, xAI, etc.). Those providers receive the prompt body and apply their own retention and abuse-detection policies. Review their privacy policies for details.

5. Cookies

We use a single first-party session cookie to keep you signed in to the dashboard. We do not use third-party advertising or tracking cookies.

6. How long we keep data

Account and billing metadata are retained for as long as your account is active, plus 24 months for accounting and tax purposes. Technical logs are retained for 30 days. You can request earlier deletion of your account at any time.

7. Your rights

You can request access to, correction of, or deletion of your account data by emailing support@opusgate.dev. Deletion of your account also closes your API keys and refunds eligible unused balance per the Terms of Service.

8. Security

Passwords are hashed with a modern KDF. API keys are stored as one-way hashes; we cannot recover a key once shown. Traffic to the gateway is TLS-only.

9. International transfers

OpusGate infrastructure is hosted in the EU. Upstream providers may be located outside the EU; by using the Service you accept that prompts you send may be processed in their respective regions.

10. Changes to this policy

Material changes will be announced by email at least 7 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.

11. Contact

Privacy questions: support@opusgate.dev.