Legal · Policies & agreements法律 · 政策与协议
DeepRelay Privacy PolicyDeepRelay 隐私政策
How DeepRelay collects, uses, discloses, retains, and protects information when providing accounts, API relay, usage billing, payments, support, and security.
1. Scope and controller
This Policy applies to the DeepRelay website, account dashboard, APIs, documentation, checkout pages, and related support. “DeepRelay,” “we,” and “us” refer to the operator identified as DeepRelay on this website and in the merchant details shown at checkout or on your payment receipt.
DeepRelay acts as controller for account, billing, security, and service-administration data. When you submit prompts or other API inputs, DeepRelay processes that content to route the request to the model provider you select. Depending on your relationship with us and applicable law, we may act as an independent controller or as a processor/service provider for that content.
2. Information we collect
- Account and identity: email address, password verifier or OAuth identifier, verification status, user ID, session and authentication records.
- Projects and API credentials: project names, API Key name, scope, status, creation time, token identifiers, hashes, masks, and security events. A complete user API Key is displayed once at creation; do not send it to support.
- API traffic and usage: selected provider/model, endpoint, request time, token or other metered usage, latency, status, error metadata, routing/channel identifiers, and associated account/project/Key. Request inputs and generated outputs transit our systems and the selected upstream provider so the service can respond.
- Billing and payments: order ID, amount, currency, payment method category, provider transaction/capture/refund identifiers, status, timestamps, balance ledger, auto-recharge settings, and redacted payment diagnostics. PayPal, card, Apple Pay, Google Pay, or Alipay providers collect payment account/card details under their own policies; DeepRelay does not intentionally store full card numbers or security codes.
- Device, network, and security: IP address, user agent, cookie/session identifiers, access logs, rate-limit events, fraud/abuse signals, and audit records.
- Support: messages and evidence you choose to provide, such as account email, order ID, timestamps, and redacted screenshots.
3. Sources
We receive information directly from you, automatically from your browser or API client, from identity providers you choose (such as Apple or Google), from payment providers, and from model/upstream providers involved in fulfilling or diagnosing your request.
4. Purposes and legal bases
- Contract/service delivery: create and secure accounts, authenticate requests, route API calls, return responses, measure usage, maintain balances, process payments/refunds, and provide support.
- Legitimate interests: prevent fraud and abuse, enforce limits, protect systems and users, troubleshoot incidents, improve reliability, maintain auditability, and defend legal claims.
- Legal obligations: keep records, respond to lawful requests, meet tax/accounting/payment obligations, and enforce sanctions or other mandatory restrictions.
- Consent: where required for optional cookies, communications, or another specific purpose. You may withdraw consent without affecting prior lawful processing.
5. How information is disclosed
- Model and upstream providers: API input, required files/media, settings, and related metadata are sent to the provider selected or routed for your model request. Their processing and retention practices may also apply.
- Payments and identity: payment providers, wallet operators, banks, Apple, Google, and OAuth providers receive information needed to authenticate or complete the transaction.
- Infrastructure and operations: hosting, network, email, security, monitoring, and professional service providers process information under service and confidentiality restrictions.
- Legal and safety: we may disclose information when reasonably necessary to comply with law, protect rights or safety, investigate abuse, or support a corporate transaction subject to appropriate safeguards.
DeepRelay does not sell personal information for money and does not use cross-context behavioral advertising. If that practice changes, we will provide any legally required notice and control before the change applies.
6. International processing
DeepRelay is a global API relay. Your information may be processed in countries or regions different from where you live, including where our hosting, payment, identity, and selected model providers operate. Data protection rules may differ. Where required, we use contractual, technical, organizational, or other legally recognized safeguards and evaluate transfer requirements.
7. Retention
We keep information only as long as reasonably necessary for the purpose collected, to provide the service, satisfy legal/accounting/payment duties, maintain security and audit trails, resolve disputes, and enforce agreements. Expired session and OAuth state records are removed or invalidated on their operational schedule. Account/project records generally remain while the account is active. Usage, ledger, order, refund, provider-event, security, and audit records may be kept after account closure when needed for reconciliation, fraud prevention, legal compliance, or claims. Support evidence is kept for the case and a reasonable follow-up period.
Retention is determined by record type, sensitivity, transaction lifecycle, contractual/legal requirements, dispute risk, and whether deletion is technically feasible in active systems and protected backups. Data is deleted, anonymized, or access-restricted when it is no longer required.
8. Security
We use measures designed to protect information, including TLS, access controls, hashed credentials, least-privilege service accounts, network restrictions, logging/auditing, secrets separation, backups, and abuse controls. No system is completely secure. You are responsible for securing your account, devices, and API Keys, and for promptly rotating or deleting a compromised Key.
9. Your privacy rights
Depending on applicable law, you may request access, correction, deletion, portability, restriction, objection, withdrawal of consent, or information about categories, sources, purposes, and recipients. You may also have the right to appeal a decision or complain to a competent regulator. We will not discriminate against you for exercising a legal privacy right.
Submit a request through the authenticated support/contact method shown in your DeepRelay dashboard or the merchant contact method on your payment receipt. Include the account email and the right requested, but never include a password, complete API Key, full card number, or security code. We may verify identity and may retain information permitted or required for security, payment, tax, legal, or dispute purposes.
10. Cookies and local storage
We use strictly necessary cookies or browser storage for authentication, security, language preference, navigation state, and payment flow continuity. Payment and identity providers may set their own cookies or storage. We do not currently use DeepRelay data for third-party behavioral advertising.
11. Children
The service is intended for users who are at least 18 years old or the age of legal majority where they live. We do not knowingly offer the service to children. If you believe a child provided personal information, contact us so we can investigate and take appropriate action.
12. Changes and contact
We may update this Policy to reflect service, provider, legal, or security changes. We will post the new effective date and, for material changes, provide reasonable notice where required.
For privacy questions or requests, use the authenticated support/contact method displayed in your DeepRelay dashboard or the merchant contact details on your payment receipt. The current website does not publish a DPO because no DPO designation has been confirmed.
说明 DeepRelay 在提供账户、API 中转、用量计费、支付、支持和安全服务时如何收集、使用、披露、保存和保护信息。
1. 适用范围与信息控制方
本政策适用于 DeepRelay 网站、账户控制台、API、文档、结账页面及相关支持服务。“DeepRelay”“我们”指本网站以及结账或支付凭证中以 DeepRelay 名义标识的服务运营方。
对于账户、账单、安全和服务管理数据,DeepRelay 作为信息控制方。你提交提示词或其他 API 输入时,DeepRelay 会处理这些内容并将请求路由给你选择的模型供应商。根据你与我们的关系及适用法律,我们可能作为独立控制方,或作为该内容的处理方/服务提供商。
2. 我们收集的信息
- 账户与身份:邮箱地址、密码校验值或 OAuth 标识、验证状态、用户 ID、会话和认证记录。
- 项目与 API 凭据:项目名称、API Key 名称、权限范围、状态、创建时间、Token 标识、哈希、掩码和安全事件。完整用户 API Key 只在创建时展示一次,请勿发送给支持人员。
- API 流量与用量:所选供应商/模型、端点、请求时间、Token 或其他计量用量、延迟、状态、错误元数据、路由/Channel 标识,以及关联账户/项目/Key。为返回结果,请求输入和生成输出会经过我们的系统并发送给所选上游供应商。
- 账单与支付:订单号、金额、币种、支付方式类别、供应商交易/扣款/退款标识、状态、时间、余额账本、自动充值设置和脱敏支付诊断。PayPal、银行卡、Apple Pay、Google Pay 或支付宝供应商根据其自身政策收集支付账户/卡信息;DeepRelay 不会有意存储完整卡号或安全码。
- 设备、网络与安全:IP 地址、用户代理、Cookie/会话标识、访问日志、限流事件、欺诈/滥用信号和审计记录。
- 支持材料:你主动提供的消息和证据,例如账户邮箱、订单号、时间和脱敏截图。
3. 信息来源
信息来源包括:你直接提供的信息;浏览器或 API 客户端自动产生的信息;你选择的身份提供商(如 Apple 或 Google);支付服务商;以及参与完成或诊断请求的模型/上游供应商。
4. 处理目的与法律依据
- 履行合同/提供服务:创建和保护账户、验证请求、路由 API 调用、返回响应、计量用量、维护余额、处理支付/退款并提供支持。
- 合法利益:防范欺诈和滥用、执行限制、保护系统和用户、排查事故、提升可靠性、维持审计能力并处理法律主张。
- 法定义务:保存必要记录、响应合法要求、履行税务/会计/支付义务及执行制裁或其他强制限制。
- 同意:在可选 Cookie、通信或其他特定目的依法需要同意时使用。你可以撤回同意,但不影响撤回前处理的合法性。
5. 信息披露方式
- 模型与上游供应商:API 输入、必要文件/媒体、设置和相关元数据会发送给你选择或路由到的模型供应商。其自身处理和保存规则也可能适用。
- 支付与身份:支付服务商、钱包运营方、银行、Apple、Google 和 OAuth 提供商会接收完成认证或交易所需的信息。
- 基础设施与运营:托管、网络、邮件、安全、监控和专业服务提供商在服务与保密限制下处理信息。
- 法律与安全:在遵守法律、保护权利或安全、调查滥用或进行受适当保障约束的企业交易确有必要时,我们可能披露信息。
DeepRelay 不以金钱对价出售个人信息,也不进行跨场景行为广告。如未来改变,我们会在变更生效前提供法律要求的告知与控制。
6. 跨境处理
DeepRelay 是全球 API 中转服务。你的信息可能在居住地之外的国家或地区处理,包括我们的托管、支付、身份及所选模型供应商所在地。各地数据保护规则可能不同。在法律要求时,我们会采用合同、技术、组织或其他认可的保障措施,并评估跨境传输要求。
7. 保存期限
我们仅在为实现收集目的、提供服务、履行法律/会计/支付义务、维护安全与审计轨迹、解决争议和执行协议所合理必要的期限内保存信息。过期会话和 OAuth state 会按其运行周期删除或失效。账户/项目记录通常在账户有效期间保存。用量、账本、订单、退款、供应商事件、安全和审计记录在账户关闭后仍可能因对账、反欺诈、合规或争议处理需要继续保存。支持证据在工单处理及合理跟进期内保存。
具体期限依据记录类型、敏感程度、交易生命周期、合同/法律要求、争议风险,以及在活动系统和受保护备份中删除的技术可行性确定。不再需要时会删除、匿名化或限制访问。
8. 安全措施
我们采用 TLS、访问控制、凭据哈希、最小权限服务账户、网络限制、日志/审计、密钥隔离、备份和反滥用控制等措施保护信息。但任何系统都无法保证绝对安全。你有责任保护账户、设备和 API Key,并在 Key 泄露时立即轮换或删除。
9. 你的隐私权利
根据适用法律,你可能有权请求访问、更正、删除、可携带副本、限制处理、反对处理、撤回同意,或了解信息类别、来源、目的和接收方;也可能有权对决定申诉或向主管监管机构投诉。你依法行使隐私权时,我们不会歧视你。
请通过 DeepRelay 登录后控制台显示的支持/联系渠道,或支付凭证上的商户联系渠道提交请求。提供账户邮箱和所请求的权利,但不要提供密码、完整 API Key、完整卡号或安全码。我们可能验证身份,并依法为安全、支付、税务、法律或争议需要保留部分信息。
10. Cookie 与本地存储
我们使用严格必要的 Cookie 或浏览器存储来维持认证、安全、语言偏好、导航状态和支付流程。支付和身份提供商可能设置其自身 Cookie 或存储。DeepRelay 当前不使用这些数据进行第三方行为广告。
11. 未成年人
本服务面向年满 18 周岁或达到所在地法定成年年龄的用户。我们不会明知向儿童提供服务。如你认为儿童向我们提供了个人信息,请联系我们调查并采取适当措施。
12. 变更与联系
我们可能因服务、供应商、法律或安全变化更新本政策,并发布新的生效日期;重大变更会在法律要求时提供合理通知。
隐私问题或权利请求请使用 DeepRelay 登录后控制台显示的支持/联系渠道,或支付凭证中的商户联系方式。当前网站未公布数据保护官(DPO),因为尚未确认已指定 DPO。