Privacy Policy

Introduction

Komilion ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our LLM routing API service. We comply with GDPR, CCPA, and other applicable data protection regulations.

Information We Collect

Account Information

• Email address (required for account creation)
• Name (optional, for personalization)
• Password (hashed, never stored in plain text)
• OAuth profile data if you sign in with Google

Usage Data

• API request metadata (model used, token counts, timestamps)
• Cost and billing information
• Error logs for debugging purposes
• Feature usage analytics (which features you use)

Payment Information

• Payment card details are processed by Stripe and never stored on our servers
• We store Stripe customer IDs to link payments to your account
• Transaction history for billing and refund purposes

What We Do NOT Collect

• We do not store your prompts or API request content
• We do not store AI-generated responses
• We do not train models on your data
• We do not sell your personal information

How We Use Your Information

• Provide the service: Route your API requests, manage your account, process payments
• Improve our service: Analyze usage patterns to optimize routing and performance
• Communicate with you: Send account alerts, billing notifications, and product updates
• Customer support: Respond to your inquiries and resolve issues
• Security: Detect and prevent fraud, abuse, and security threats
• Legal compliance: Meet our legal obligations and enforce our terms

Third-Party Services

We use trusted third-party services to operate Komilion:

• Stripe: Payment processing (PCI-DSS compliant)
• OpenRouter: LLM API provider for model access
• Vercel: Hosting and infrastructure
• Sentry: Error monitoring and performance tracking
• Google: OAuth authentication (if you choose to sign in with Google)
• Resend: Transactional email delivery

Each third party has their own privacy policy and data handling practices. We only share the minimum information necessary for them to provide their services.

Cookies and Tracking

We use cookies and similar technologies for:

• Essential cookies: Required for authentication and security
• Preference cookies: Remember your settings and preferences
• Analytics: Understand how you use our service to improve it

You can control cookies through your browser settings. Disabling essential cookies may affect your ability to use certain features.

Data Retention

• Account data: Retained while your account is active, deleted within 30 days of account deletion
• Usage logs: Retained for 90 days for debugging, then aggregated/anonymized
• Billing records: Retained for 7 years for legal/tax compliance
• Support tickets: Retained for 2 years, then anonymized

Your Rights (GDPR & CCPA)

You have the following rights regarding your personal data:

• Access: Request a copy of all data we hold about you
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to certain types of processing
• Withdraw consent: Withdraw consent at any time where we rely on it

To exercise any of these rights, contact us at privacy@komilion.com. We will respond within 30 days.

Data Security

We implement industry-standard security measures to protect your data:

• All data transmitted over HTTPS/TLS encryption
• Passwords hashed using bcrypt with salt
• API keys hashed and never stored in plain text
• Database encryption at rest
• Regular security audits and monitoring
• Access controls and audit logging

International Data Transfers

Our servers are located in the United States. If you are accessing our service from outside the US, your data will be transferred to and processed in the US. We use Standard Contractual Clauses (SCCs) and other appropriate safeguards to ensure your data is protected in accordance with this privacy policy and applicable laws.

Children's Privacy

Komilion is not intended for use by children under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us with personal information, please contact us.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by email or through a prominent notice on our website at least 30 days before they take effect. Your continued use of the service after changes become effective constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or want to exercise your rights:

• Email: privacy@komilion.com
• General inquiries: support@komilion.com
• Contact form: Visit our contact page