DeepRelay Docs/Policies

Legal · Policies & agreements

DeepRelay Privacy Policy

Read this document in
Effective
2026-07-18
Last updated
2026-07-18
Version
1.0

How DeepRelay collects, uses, discloses, retains, and protects information when providing accounts, API relay, usage billing, payments, support, and security.

1. Scope and controller

This Policy applies to the DeepRelay website, account dashboard, APIs, documentation, checkout pages, and related support. “DeepRelay,” “we,” and “us” refer to the operator identified as DeepRelay on this website and in the merchant details shown at checkout or on your payment receipt.

DeepRelay acts as controller for account, billing, security, and service-administration data. When you submit prompts or other API inputs, DeepRelay processes that content to route the request to the model provider you select. Depending on your relationship with us and applicable law, we may act as an independent controller or as a processor/service provider for that content.

2. Information we collect

  • Account and identity: email address, password verifier or OAuth identifier, verification status, user ID, session and authentication records.
  • Projects and API credentials: project names, API Key name, scope, status, creation time, token identifiers, hashes, masks, and security events. A complete user API Key is displayed once at creation; do not send it to support.
  • API traffic and usage: selected provider/model, endpoint, request time, token or other metered usage, latency, status, error metadata, routing/channel identifiers, and associated account/project/Key. Request inputs and generated outputs transit our systems and the selected upstream provider so the service can respond.
  • Billing and payments: order ID, amount, currency, payment method category, provider transaction/capture/refund identifiers, status, timestamps, balance ledger, auto-recharge settings, and redacted payment diagnostics. PayPal, card, Apple Pay, Google Pay, or Alipay providers collect payment account/card details under their own policies; DeepRelay does not intentionally store full card numbers or security codes.
  • Device, network, and security: IP address, user agent, cookie/session identifiers, access logs, rate-limit events, fraud/abuse signals, and audit records.
  • Support: messages and evidence you choose to provide, such as account email, order ID, timestamps, and redacted screenshots.

3. Sources

We receive information directly from you, automatically from your browser or API client, from identity providers you choose (such as Apple or Google), from payment providers, and from model/upstream providers involved in fulfilling or diagnosing your request.

4. Purposes and legal bases

  • Contract/service delivery: create and secure accounts, authenticate requests, route API calls, return responses, measure usage, maintain balances, process payments/refunds, and provide support.
  • Legitimate interests: prevent fraud and abuse, enforce limits, protect systems and users, troubleshoot incidents, improve reliability, maintain auditability, and defend legal claims.
  • Legal obligations: keep records, respond to lawful requests, meet tax/accounting/payment obligations, and enforce sanctions or other mandatory restrictions.
  • Consent: where required for optional cookies, communications, or another specific purpose. You may withdraw consent without affecting prior lawful processing.

5. How information is disclosed

  • Model and upstream providers: API input, required files/media, settings, and related metadata are sent to the provider selected or routed for your model request. Their processing and retention practices may also apply.
  • Payments and identity: payment providers, wallet operators, banks, Apple, Google, and OAuth providers receive information needed to authenticate or complete the transaction.
  • Infrastructure and operations: hosting, network, email, security, monitoring, and professional service providers process information under service and confidentiality restrictions.
  • Legal and safety: we may disclose information when reasonably necessary to comply with law, protect rights or safety, investigate abuse, or support a corporate transaction subject to appropriate safeguards.

DeepRelay does not sell personal information for money and does not use cross-context behavioral advertising. If that practice changes, we will provide any legally required notice and control before the change applies.

6. International processing

DeepRelay is a global API relay. Your information may be processed in countries or regions different from where you live, including where our hosting, payment, identity, and selected model providers operate. Data protection rules may differ. Where required, we use contractual, technical, organizational, or other legally recognized safeguards and evaluate transfer requirements.

7. Retention

We keep information only as long as reasonably necessary for the purpose collected, to provide the service, satisfy legal/accounting/payment duties, maintain security and audit trails, resolve disputes, and enforce agreements. Expired session and OAuth state records are removed or invalidated on their operational schedule. Account/project records generally remain while the account is active. Usage, ledger, order, refund, provider-event, security, and audit records may be kept after account closure when needed for reconciliation, fraud prevention, legal compliance, or claims. Support evidence is kept for the case and a reasonable follow-up period.

Retention is determined by record type, sensitivity, transaction lifecycle, contractual/legal requirements, dispute risk, and whether deletion is technically feasible in active systems and protected backups. Data is deleted, anonymized, or access-restricted when it is no longer required.

8. Security

We use measures designed to protect information, including TLS, access controls, hashed credentials, least-privilege service accounts, network restrictions, logging/auditing, secrets separation, backups, and abuse controls. No system is completely secure. You are responsible for securing your account, devices, and API Keys, and for promptly rotating or deleting a compromised Key.

9. Your privacy rights

Depending on applicable law, you may request access, correction, deletion, portability, restriction, objection, withdrawal of consent, or information about categories, sources, purposes, and recipients. You may also have the right to appeal a decision or complain to a competent regulator. We will not discriminate against you for exercising a legal privacy right.

Submit a request through the authenticated support/contact method shown in your DeepRelay dashboard or the merchant contact method on your payment receipt. Include the account email and the right requested, but never include a password, complete API Key, full card number, or security code. We may verify identity and may retain information permitted or required for security, payment, tax, legal, or dispute purposes.

10. Cookies and local storage

We use strictly necessary cookies or browser storage for authentication, security, language preference, navigation state, and payment flow continuity. Payment and identity providers may set their own cookies or storage. We do not currently use DeepRelay data for third-party behavioral advertising.

11. Children

The service is intended for users who are at least 18 years old or the age of legal majority where they live. We do not knowingly offer the service to children. If you believe a child provided personal information, contact us so we can investigate and take appropriate action.

12. Changes and contact

We may update this Policy to reflect service, provider, legal, or security changes. We will post the new effective date and, for material changes, provide reasonable notice where required.

For privacy questions or requests, use the authenticated support/contact method displayed in your DeepRelay dashboard or the merchant contact details on your payment receipt. The current website does not publish a DPO because no DPO designation has been confirmed.