This Privacy Policy explains how UniAPI collects, uses, and shares information, and the choices you have.

We aim to minimize data collection: by default, our request logs record metadata and usage, not prompt or response bodies.

If you have questions about this Policy, contact us at [email protected].

• Account information: email, sign-in method (password or OAuth), organization/role/group, etc.
• Usage data (request logs): model, timestamps, input/cached/output tokens, latency, TTFT, throughput, estimated cost, status code, and source IP.
• Billing and payment events: top-up amount, currency, payment status, and webhook payloads from the payment provider (for reconciliation and idempotency).
• Device and technical information: browser type and basic diagnostics (e.g., error logs/performance metrics) to improve reliability.
• Support communications: content you provide when you contact us (e.g., via email).

• Provide and operate the Service: authentication, API routing, channel configuration, and access control.
• Security and fraud prevention: detect abuse, fraud, unusual access, and attacks.
• Product and operations: analytics, performance improvements, debugging, and UX enhancements.
• Billing and reconciliation: process top-ups, verify payment status, and maintain billing records.
• Communications: send necessary transactional emails (e.g., login codes, email verification) and respond to support requests.

We do not sell your personal information. We may share information in these cases:

• Upstream model providers: to fulfill API requests, we forward requests to configured providers.
• Service providers: email delivery (e.g., verification codes), payment processing (Creem), etc.
• Business transfers: if we are involved in a merger, acquisition, or asset sale, information may be transferred as permitted by law.
• Legal and compliance: to comply with law, enforce terms, or protect rights and safety.

When you call the API, request content is forwarded to Upstream Providers to generate responses. Upstream Providers may process or retain content under their own policies.

By default, we do not store prompt or response bodies in request logs, and we only record metadata and usage needed for billing and diagnostics.

We use cookies and local storage for authentication and preferences, such as the session cookie (uai_session), language preference (uai_locale), and theme preference.

• Necessary cookies: to keep you signed in and protect security (e.g., sessions).
• Preferences: to remember settings like language and theme (e.g., uai_locale).

We retain information for as long as necessary to provide the Service and delete or anonymize it when you delete your account or make a reasonable request, unless retention is required by law.

• Account data: kept while your account is active; deleted or anonymized within a reasonable period after deletion.
• Billing/payment events: may be retained longer for reconciliation and compliance.

We take reasonable technical and organizational measures to protect data, but no system is 100% secure. Please also protect your account and API keys.

Because we may use service providers and Upstream Providers located in different countries/regions, your information may be processed outside your jurisdiction. We take reasonable measures to protect data and follow applicable transfer requirements when needed.

• You can update your account details, manage keys, and delete your account from the console.
• You can contact us by email to request access, correction, or deletion of personal information.

The Service is not directed to children. We do not knowingly collect children’s personal information. If you believe this has occurred, contact us so we can address it.

We may update this Policy from time to time. We will update the “Last updated” date and may provide notice via the Service.

If you have questions or requests about this Privacy Policy, contact us at: