1. Information We Collect

Account Information

• Email address
• Username (optional)
• Hashed password (never stored in plain text)
• Account creation date

API Usage Data

• API request metadata (timestamps, models used)
• Cached queries and responses (for service functionality)
• Usage statistics (request counts, cache hit rates)
• API keys (encrypted)

Technical Information

• IP addresses (for security and rate limiting)
• Browser type and version
• Operating system
• Request headers

2. How We Use Your Information

We use the collected information to:

• Provide and maintain the CacheGPT service
• Process and cache API requests efficiently
• Generate usage analytics and statistics
• Detect and prevent abuse or fraudulent activity
• Send service-related communications
• Improve service performance and features
• Comply with legal obligations

3. Data Security

We implement industry-standard security measures including:

• TLS/SSL encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• Bcrypt hashing for passwords
• Regular security audits and updates
• Access controls and authentication
• Rate limiting and DDoS protection

4. Data Retention

We retain your data as follows:

• Account data: Until account deletion
• Cached responses: 30 days (configurable)
• Usage logs: 90 days
• Security logs: 1 year

You can request data deletion at any time through your account settings or by contacting support.

5. Data Sharing

We do NOT sell, trade, or rent your personal information. We may share data only in these circumstances:

• With your explicit consent
• To comply with legal obligations or court orders
• To protect against fraud or security threats
• With service providers under strict confidentiality agreements
• In aggregated, anonymized form for analytics

6. Third-Party Services

We integrate with the following third-party services:

• LLM Providers: OpenAI, Anthropic, Google (for API proxying)
• Hugging Face: For embedding generation and response adaptation
• Supabase: Database and authentication
• Vercel: Hosting and analytics

Each service has its own privacy policy. We recommend reviewing them.

7. Your Rights (GDPR/CCPA)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Deletion: Request deletion of your data ("right to be forgotten")
• Portability: Export your data in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Opt-out of certain data uses

To exercise these rights, contact privacy@cachegpt.io

8. Cookies

We use cookies for:

• Authentication and session management
• Security (CSRF protection)
• User preferences
• Analytics (anonymous usage patterns)

You can control cookies through your browser settings. Disabling cookies may limit some features.

9. Children's Privacy

CacheGPT is not intended for users under 13 years of age. We do not knowingly collect personal information from children. If we discover such data, we will promptly delete it.

10. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses and adequacy decisions.

11. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email or through the service. Continued use after changes constitutes acceptance.

12. Contact Us

For privacy-related questions or concerns: