Privacy Policy

Last Updated: December 10, 2025

Introduction

Costbase provides an enterprise LLM gateway service that optimizes your AI infrastructure costs through intelligent routing, semantic caching, and cost analytics. This privacy policy explains how we collect, use, protect, and share your information when you use our platform.

Our service operates on a bring-your-own-keys (BYOK) model where you maintain direct relationships with LLM providers. We route your requests through our optimization layer but never resell LLM services or mark up provider costs.

Information We Collect

Account Information

When you create an account, we collect:

Authentication Data: We support multiple authentication methods including Google OAuth, SAML 2.0 (for enterprise SSO with Okta, Azure AD, OneLogin), and generic OIDC providers. Depending on your authentication method, we collect your email address, display name, profile picture, and a unique identifier from your identity provider.

Organization Data: If you create or join an organization, we collect organization name, your role within the organization, and information about team members you invite.

API Keys and Credentials

Your LLM Provider Keys: You provide encrypted API keys for LLM providers you wish to use (such as OpenAI, Anthropic, Google AI, xAI, Groq, or DeepSeek). These keys are encrypted using industry-standard encryption and stored securely. We use these keys exclusively to route your requests through the selected provider. We never have access to the plaintext content beyond what is necessary for routing and caching decisions.

Costbase API Keys: We generate API keys for you to authenticate requests to our gateway. These keys are used to identify your account and track usage.

Request and Usage Data

Request Metadata: For each request you make through our gateway, we collect technical information including the model name, provider used, token counts (prompt and completion), request latency, timestamp, and whether the response was served from cache. This metadata is essential for generating cost analytics, optimizing routing decisions, and providing usage reports.

Routing Decisions: We log which model was selected for each request, the routing algorithm used, task type detected (such as coding, creative writing, analysis), complexity score, and cost calculations.

Cache Data: Our semantic cache system temporarily stores embeddings of your prompts and the corresponding responses to improve performance and reduce costs. Cache entries include the prompt text, response content, similarity vectors generated by OpenAI's embedding API, and timestamps. Cache data has a configurable time-to-live (TTL), typically set to one hour by default.

Usage Analytics: We aggregate your usage data to provide dashboards showing costs by provider and model, request volume trends over time, cache hit rates, token consumption, and cost savings compared to baseline models.

Budget and Configuration Data

We store your budget limits and alert thresholds, webhook URLs and configurations, project settings, rate limiting rules, guardrail configurations (including PII and PHI detection patterns), and service level objective targets.

Security and Compliance Data

Multi-Factor Authentication: If you enable MFA, we store your TOTP secret encrypted and backup codes in hashed form.

Guardrail Logs: When our guardrail system detects potential PII or PHI in your requests, we log the detection event including the pattern matched and timestamp, but we do not store the actual sensitive content detected.

Security Events: We log authentication attempts, API key usage, rate limit violations, and other security-relevant events.

Payment Information

We use Polar.sh as our payment processor. When you subscribe to a paid plan, Polar.sh handles all payment processing. We receive only the information necessary to provide service, such as subscription status, plan tier, billing period (monthly or annual), and subscription start and end dates. We never store your credit card numbers or payment credentials directly.

Technical Data

We automatically collect technical information including your IP address for security and fraud prevention, user agent string, request timestamps, error logs and stack traces (which do not include your prompt or response content), and performance metrics.

How We Use Your Information

Service Delivery

We use your information to authenticate requests and verify your identity, route your requests to the appropriate LLM provider using your API keys, apply semantic caching to reduce costs and improve response times, calculate costs and track token usage, enforce rate limits and budget caps, send webhook notifications based on your configured triggers, and detect potential PII or PHI when guardrails are enabled.

Analytics and Optimization

Your data helps us generate usage dashboards and cost reports for your account, improve our intelligent routing algorithms to better match tasks with optimal models, identify opportunities for cost savings, track cache hit rates and overall system performance, and provide insights into your usage patterns.

Account Management

We use your email to send important service notifications including budget alerts when approaching or exceeding limits, security notifications such as a new login from an unrecognized device, subscription and billing updates, webhook failure alerts, and guardrail violation notifications.

Security and Fraud Prevention

Your data helps us detect and prevent unauthorized access, identify unusual usage patterns that may indicate account compromise, enforce rate limits to prevent abuse, and comply with our acceptable use policy.

Service Improvement

We use aggregated and anonymized usage data to improve routing algorithms, optimize model selection, enhance caching effectiveness, and develop new features. Individual request content is never used for training or shared outside your organization.

Legal Compliance

We may use your information to comply with legal obligations, respond to valid legal requests, enforce our Terms of Service, and protect our rights and the rights of other users.

Our BYOK Architecture and Data Access

Costbase operates on a bring-your-own-keys model which provides you with greater data privacy and control.

What We Do Access

Routing Layer: We receive your prompts to analyze task type, complexity, and determine optimal model selection. This analysis happens in real-time and the data is not permanently stored beyond caching.

Caching Layer: For semantic caching, we generate embeddings of your prompts using OpenAI's embedding API and store these vectors along with responses to match similar future requests. You can disable caching if you prefer.

Metadata Only: We permanently store only metadata about your requests (model, cost, tokens, latency), not the actual prompt or response content beyond the cache TTL.

What We Do Not Access

Your LLM Provider Accounts: We never access your billing, usage data, or other information from your LLM provider accounts. You maintain complete independence and can monitor costs directly with each provider.

Your Provider Conversations: While your requests pass through our system for routing, we do not train models on your data, sell or share your prompts or responses with third parties, or use your data for any purpose beyond providing the gateway service.

Direct Provider Relationships

You maintain direct billing relationships with LLM providers and pay them directly. We do not resell or mark up LLM services. Your API keys remain under your control and can be rotated at any time. If you remove a provider's API key, we immediately stop routing requests to that provider.

Data Storage and Retention

Cache Data

Semantic cache data including embeddings and responses are stored in Redis with a configurable TTL (default one hour). After expiration, cache entries are automatically purged and not recoverable.

Logs

Request metadata is retained based on your subscription tier to support analytics and debugging:

  • Free: 3 days
  • Pro: 30 days
  • Team: 90 days
  • Enterprise: 365 days

Logs older than your retention period are automatically and permanently deleted by our daily cleanup process. Prompt and response content storage is configurable per project (Full, Trimmed, Masked, or None).

Account Data

Your account information, organization details, and configuration settings are retained for as long as your account is active. You can request deletion of your account at any time.

Billing Records

Billing records and subscription history are retained as required by financial regulations and to support potential disputes. These records include payment history, subscription changes, and invoices, but not your payment credentials which are held by Polar.sh.

Backup Data

Deleted data may remain in encrypted backups for up to 30 days before permanent deletion.

Data Security

We implement multiple layers of security to protect your information.

Encryption

In Transit: All data transmission between your application and our gateway uses TLS 1.2 or higher encryption. Communication between our services and LLM providers also uses encrypted connections.

At Rest: Sensitive data including API keys and MFA secrets are encrypted using AES-256 encryption. Database backups are encrypted.

Access Controls

Authentication: All API requests require Bearer token authentication. Dashboard access requires OAuth or enterprise SSO authentication. Optional multi-factor authentication (TOTP-based) provides additional account security.

Authorization: We use role-based access control (RBAC) for team members within organizations. API keys can be scoped to specific projects or permissions. Service-to-service communication uses short-lived JWT tokens (5-minute expiry) with minimal claims.

Infrastructure Security

Our infrastructure includes regular security updates and patches, network isolation and firewall rules, rate limiting to prevent DoS attacks, automated monitoring and alerting for suspicious activity, and regular security audits and vulnerability scanning.

Secure Development

We follow security best practices including code reviews, dependency scanning for known vulnerabilities, secrets management (no hardcoded credentials), and pre-commit hooks to prevent accidental secret exposure.

Guardrails

Our optional guardrail system can detect potential PII and PHI patterns in requests before they're sent to LLM providers, helping you maintain compliance with data protection regulations.

Data Sharing and Third Parties

LLM Providers

When you make a request, we share your prompt with the LLM provider you've configured (or the provider selected by our routing algorithm if using auto mode). This sharing is necessary to fulfill your request and occurs using your own API keys. The provider processes your prompt according to their privacy policy.

Payment Processor

Polar.sh handles all payment processing. When you purchase a subscription, you interact directly with Polar.sh's checkout system. They collect payment information according to their privacy policy. We receive only subscription status and billing period information, never your payment credentials.

Authentication Providers

If you authenticate using Google OAuth, enterprise SAML SSO, or OIDC, the respective identity provider authenticates you according to their privacy policy and provides us only with basic profile information (email, name, profile picture) necessary to create and manage your account.

Service Providers

We may use third-party service providers for infrastructure hosting, monitoring and error tracking, email delivery for notifications, and analytics (using aggregated, anonymized data only). These providers are contractually obligated to protect your data and use it only for providing services to us.

Legal Requirements

We may disclose your information when required by law, such as responding to court orders or subpoenas, complying with valid government requests, enforcing our Terms of Service, protecting against fraud or security threats, or protecting our rights, property, or safety and that of our users.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and provide notice on our website before your information is transferred and becomes subject to a different privacy policy.

No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

Your Rights and Choices

Access and Portability

You can access your account information through the dashboard, view your usage logs and request history, export your usage data and analytics, and review your API keys and connected providers.

Correction and Updates

You can update your profile information at any time, modify organization details, adjust budget limits and alert thresholds, update webhook configurations, and change or rotate your LLM provider API keys.

Deletion

You can delete your API keys at any time, remove provider connections, delete individual projects, and close your entire account. When you delete your account, we will remove your data according to our retention schedules. Some data may be retained in backups for up to 30 days and certain records may be retained longer as required by law (such as billing records).

Cache Control

You can disable semantic caching entirely for privacy-sensitive workloads or clear cache entries on demand.

Communication Preferences

You can manage email notification preferences for budget alerts, security notifications, and webhook failures. Note that we will always send critical security and billing notifications regardless of preferences.

Data Subject Rights (GDPR, CCPA)

If you are in the European Union, you have additional rights under GDPR including the right to be informed about data processing, right to access your personal data, right to rectification of inaccurate data, right to erasure (right to be forgotten), right to restriction of processing, right to data portability, and right to object to certain processing.

If you are in California, you have rights under CCPA including the right to know what personal information is collected, the right to delete personal information, the right to opt-out of sale (we don't sell data), and the right to non-discrimination for exercising rights.

How to Submit a Request: Email us at contact@costbase.ai with the subject "Data Subject Request" and include your account email address. We may ask for additional information to verify your identity before processing your request.

Response Time: We will acknowledge your request within 5 business days and provide a substantive response within 30 days, as required by GDPR. If we need additional time (up to 60 days for complex requests), we will notify you of the extension and reasons.

International Data Transfers

Our service is operated from the United States. By using Costbase, you acknowledge that your information may be transferred to, stored, and processed in the United States and other jurisdictions where our service providers operate. We take steps to ensure appropriate protection of your data regardless of where it is processed, including using standard contractual clauses and ensuring service providers meet adequate data protection standards.

Children's Privacy

Costbase is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will delete it.

Changes to This Privacy Policy

We may update this privacy policy from time to time as our service evolves, legal requirements change, or business practices are updated. Material changes will be communicated via email at least 30 days before taking effect, giving you time to review the updates. We will also post a notice on our website and update the "Last Updated" date at the top of this policy. Continued use of our service after changes take effect constitutes acceptance of the updated policy. If you disagree with changes, you may close your account before they take effect.

Contact Us

For privacy-related questions, to exercise your data rights, or to report privacy concerns, please contact us at:

Email: contact@costbase.ai

For security vulnerabilities, use: contact@costbase.ai

We take privacy concerns seriously and will respond to all requests within 30 days.

Costbase Privacy Policy
Version 1.0 | December 2025