Legal

Privacy Policy

Effective date: June 2, 2026
InferLayer AI, Inc.

1. Overview

This Privacy Policy explains what information InferLayer AI, Inc. ("InferLayer," "we," "us") collects when you use our LLM gateway service (the "Service"), why we collect it, how long we keep it, and the choices you have. We aim to be direct: InferLayer is infrastructure that sits in the request path between your application and language models, so by design it processes the content of the requests you send through it.

2. Information we collect

API requests and responses

When you send requests through the Service, we process and log the prompts you submit and the responses returned, together with associated metadata. This is core to how the Service operates — see "How prompts and responses are handled" below.

Account information

When you or your organization are onboarded, we collect account details such as contact email, company name, and tenant identifiers, and we issue API keys (stored only as salted SHA-256 hashes — we never store the plaintext key).

Usage metrics

We record operational metrics including token counts, request latencies, routing decisions, and computed costs per request, for billing and service operation.

3. Why we process this information

  • Service operation — routing, caching, spend governance, and returning responses to your application.
  • Billing — metering token usage and request volume.
  • Audit and compliance — maintaining a tamper-evident record of activity for dispute resolution and integrity verification.
  • Product improvement — only on an aggregated, de-identified basis (e.g. routing accuracy, cache hit rates). We do not use the content of your prompts to train models.

4. How prompts and responses are handled

Prompts and responses ARE logged for audit, billing, and dispute-resolution purposes. Logs are stored encrypted at rest in our AWS account (us-east-1) with restricted IAM access. The audit log uses a tamper-evident SHA-256 hash chain — see our Security overview for details.

We will not claim that we "don't store prompts," because that would not be true: the audit chain exists precisely so that activity can be verified after the fact. What we do commit to is keeping that data encrypted, access-restricted, and retained only as long as described below.

5. Data retention

By default, audit logs (including prompts and responses) are retained for twelve (12) months. Retention is configurable per contract. Enterprise-tier customers may opt for a self-hosted (BYOC) deployment, in which prompts, responses, API key material, tenant identity, and audit data never leave the customer's own infrastructure.

6. Sharing and third parties

  • Model providers — when a request is classified as complex and routed to a frontier provider (such as OpenAI or Anthropic), that provider receives the prompt content for that request and processes it under their own terms. Simpler requests are served by local models and are not sent to third-party providers.
  • Infrastructure — we use Amazon Web Services (AWS) to host the Service and store data.
  • No advertising third parties, no data brokers, and no sale of personal data or prompt content.

7. Your rights

Depending on your location, you may have rights under the GDPR, the California Consumer Privacy Act (CCPA/CPRA), and similar laws — including the right to access, correct, export, or delete your data. To exercise these rights, or to request data export, email contact@inferlayer.ai. We will respond within the timeframes required by applicable law. We do not sell personal information.

8. Cookies

We use cookies minimally. Our marketing pages set no tracking or analytics cookies. Session cookies are used only where authentication is required — namely the /dashboard and /admin interfaces — to keep you signed in. We do not use third-party advertising or cross-site tracking cookies.

9. Security

Data is encrypted in transit (TLS) and at rest (AES-256, AWS-managed), with access governed by scoped IAM roles and tenant isolation enforced on every request. For a fuller description of our security posture, see the Security overview.

10. Changes to this Policy

We may update this Policy from time to time. Material changes will be reflected by an updated effective date above and, where appropriate, direct notice.

11. Contact

Questions or requests regarding this Policy? Contact us at contact@inferlayer.ai.