A short, plainly-written privacy policy.

1. What this covers

This policy applies to idclinks.com and the idclinks API. Customers means organizations that use the API or dashboard. End users means the people whose prompts and completions a customer routes through us.

2. What we collect

From customers

• Account details: company name, billing address, the email of each user with dashboard access.
• Authentication metadata: SSO claims, last-login timestamps, IP at login.
• Payment information, processed by our payment subprocessor — we don't store full card numbers.
• Support correspondence, including emails you send to sales@idclinks.com.

From API traffic

By default, per request, we collect metadata only:

• Project ID, API key ID (never the secret), and request ID.
• Model name, region, replica pool, retention class.
• Token counts (input, output, cached), latency, status code.
• Failover and retry events.

Prompt and completion content is not persisted by default. If your project opts into a content audit log, we'll tell you, and it will be visible in the dashboard.

3. Why we collect it

• To run the service — route requests, meter usage, generate invoices.
• To keep it reliable — operational metrics, capacity planning, incident response.
• To keep it secure — anomaly detection, rate limiting, account-takeover defense.
• To answer your support requests — referring to the request ID you quote.

We do not sell personal information. We don't run advertising or behavioral profiling.

4. Training, training, training

We don't train any model on customer traffic. We don't authorize our upstream providers to train on traffic we route to them — this is set in our agreements with them and we audit it. Zero-retention routes (see security) take this one step further: the bytes never leave volatile memory.

5. Sharing

We share data with subprocessors only when necessary to run the service. The current list is on the security page. We update customers 30 days before any subprocessor change.

We disclose information when required by a binding legal process. We push back on overreaching requests and notify the affected customer unless legally prohibited.

6. Retention

• Metadata logs: 13 months, rolling.
• Billing records: 7 years, as required for accounting.
• Support correspondence: 3 years from the last reply.
• Account records: until 60 days after account closure, then deleted.
• Content audit logs (opt-in only): retention is set per project, default 30 days.

7. Your rights

Depending on where you live, you may have the right to access, correct, port, or delete personal information we hold about you. To exercise any of these rights, email sales@idclinks.com. We'll respond within 30 days.

If you're an end user whose data was sent to us by one of our customers, please go to that customer first — they're the controller of your data. We'll cooperate with their response.

8. International transfers

We run in multiple regions and route traffic per your region settings. When data crosses borders, we rely on standard contractual clauses (and the UK addendum where applicable) to protect the transfer.

9. Children

idclinks is not directed at children. We do not knowingly collect personal information from children under 16. If you believe a child has provided us information, contact us and we'll delete it.

10. Changes

We'll post material changes here and notify account admins by email at least 30 days before they take effect. Minor edits (typos, clarifications) are made in place — check the last-updated date at the top.

11. Contact

For anything privacy-related — questions, requests, complaints — email sales@idclinks.com with "privacy" in the subject line. A human reads every message.