Privacy Policy
Last updated: 4 May 2026
GammaInfra is an intelligent LLM routing service operated by GammaInfra Ltd., a company registered in England and Wales. This policy explains what data we collect, how we use it, and your rights. The short version: we never log your prompts or model responses.
1. What We Collect
Account information
- Email address (required for signup)
- Name (optional)
Provider API keys (BYOK only)
- If you choose to bring your own provider API keys, they are stored encrypted at rest
- If you use GammaInfra's managed access (default), no provider keys are collected from you
Request metadata
For each API call we record metadata used for billing, routing, and reliability — including but not limited to:
- Timestamps, request ID, customer ID
- Model requested and model dispatched
- Provider name and physical endpoint served
- Token counts (
prompt_tokens,completion_tokens) - Latency (
latency_ms,ttfb_ms) - Task label classification (e.g.
code,chat) - Cost in USD and any platform fee
- Routing version, fallback chain, and any health-cache markers used
- Error type and error provider, if any
Payment data
- Handled entirely by Stripe — we do not store card numbers, CVVs, or billing addresses
Rate limiting data
- IP addresses stored temporarily in Redis for rate limiting
- Automatically expires after 1 hour
2. What We Do NOT Collect
We do NOT log, store, or read the content of your prompts or model responses. Prompt content is forwarded directly to the LLM provider and the response is returned directly to you. We do not inspect, cache, or train on the content of messages passing through the routing layer.
3. How We Use Your Data
- Request metadata: billing and cost calculation, routing optimization, service monitoring via Prometheus and Grafana
- Email: account identification, service communications, notification of term changes
- Provider API keys (if BYOK): to authenticate requests on your behalf with LLM providers. Not applicable if you use managed access.
4. Third-Party Data Sharing
LLM providers
Your prompts are sent to the LLM provider your request is routed to (e.g. OpenAI, Anthropic, Google, Mistral, Groq, DeepSeek, xAI, Amazon Bedrock). Each provider has their own privacy policy and data handling practices. We do not control how providers use your data once it reaches their API.
Stripe
Payment processing is handled by Stripe. See Stripe's privacy policy.
We do NOT sell, rent, or share your data with advertisers or data brokers.
5. Data Retention
- Request metadata: retained for up to 24 months for billing audit and routing optimization, then purged or aggregated. Earlier deletion on request — contact hello@gammainfra.com.
- Account data: retained while your account is active; deleted upon request
- Provider API keys (if BYOK): deleted immediately upon key revocation or account deletion
- Rate limit data (IP addresses): automatically expires after 1 hour
6. Data Security
- Provider API keys are encrypted at rest
- All traffic is encrypted in transit via TLS (certificates from Let's Encrypt)
- GammaInfra API keys are stored as bcrypt hashes — never in plaintext
- Infrastructure runs on dedicated hardware we directly control (not shared hosting)
7. Your Rights (GDPR)
If you are in the EU/EEA, you have the following rights under the General Data Protection Regulation:
- Right to access: request a copy of your data
- Right to rectification: update your account information
- Right to erasure: request deletion of your account and all associated data
- Right to data portability: export your request logs in a machine-readable format
- Right to object: opt out of non-essential data processing
To exercise any of these rights, contact hello@gammainfra.com.
8. Cookies
We do not use cookies. The API is stateless and authenticated via API keys. The landing page at gammainfra.com does not set any cookies.
9. Children
GammaInfra is not directed at anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email to the address associated with your account at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.
11. Contact
Questions or concerns about this privacy policy? Contact us at hello@gammainfra.com.
GammaInfra Ltd.
Registered in England and Wales
https://gammainfra.com
Frequently asked questions
Plain-language answers to the most common privacy questions. The numbered sections above are the authoritative policy.