Privacy Policy

1. Data we collect

We collect the data needed to provide the LLMtrack service.

This may include:

• Account information, such as email address and authentication identifiers.
• Workspace information, such as workspace name, plan, settings, and usage limits.
• API key metadata, such as key name, key prefix, creation date, active/deactivated state, and source labels.
• LLM usage events sent to LLMtrack, such as provider, model, feature name, token counts, cost, latency, request status, timestamp, and metadata included by the user.
• Billing and subscription information processed through our payment provider.
• Technical information needed to operate the service, such as logs, request metadata, device/browser information, and security events.

LLMtrack does not require users to send prompt text, completion text, personal customer data, or sensitive information. Users should avoid sending sensitive or unnecessary personal data inside metadata fields.

2. How we use data

We use collected data to:

• Provide usage analytics, dashboards, reports, alerts, forecasts, and related product features.
• Authenticate users and protect accounts.
• Process subscriptions and enforce plan limits.
• Improve service reliability, performance, and security.
• Detect abuse, errors, fraud, and unauthorized access.
• Communicate important account, billing, security, or service updates.
• Provide support when requested.

We do not sell user data.

We do not use customer usage data to train third-party AI models.

3. API keys and security-sensitive data

Raw LLMtrack API keys are shown only when they are created. After that, we store only protected key verification data, such as hashed key values and key prefixes.

Users are responsible for storing their API keys securely and should not expose them in public repositories, client-side code, screenshots, or public support channels.

If a key is compromised, users should delete or deactivate it and create a new key.

4. User-provided metadata

Users control what they send to LLMtrack through the ingest endpoint.

Metadata fields may be useful for tracking product features, environments, customers, teams, or business context. However, users should not send sensitive personal information, regulated data, secrets, passwords, private keys, or payment card data inside metadata.

LLMtrack is designed for usage analytics, not for storing confidential application payloads.

5. Data retention

Retention depends on the user’s plan and product settings.

Free users may have a shorter visible history window. Paid plans may include longer request-level history or report history.

When data reaches the applicable retention limit, LLMtrack may delete, archive, aggregate, or stop displaying that data according to the plan and product behavior.

Monthly or scheduled reports may remain available separately from raw request-level history, depending on plan and implementation.

6. Data deletion

Users may delete data through available account, workspace, or product controls.

When user data is deleted, we delete it from active production systems where the data is stored for the LLMtrack service. This is intended to reduce the risk of unauthorized use and to respect user privacy.

Some deletion processes may require a short operational period to complete. Backups, security logs, or infrastructure records may persist for a limited time according to normal backup, security, and legal retention practices, but they are not used as active product data.

7. Billing data

Payments may be processed by third-party payment providers. LLMtrack does not store full payment card numbers.

Billing providers may collect and process payment information according to their own privacy and security practices.

8. Service providers

We may use trusted service providers for hosting, database storage, authentication, payment processing, email delivery, analytics, monitoring, and security.

These providers are used only as needed to operate and improve LLMtrack.

9. Security

We use reasonable technical and organizational measures to protect user data, including access controls, hashed API keys, encrypted transport, and restricted access to production systems.

No internet service can guarantee perfect security. Users are responsible for protecting their own credentials, API keys, and account access.

10. International use

LLMtrack may be accessed from different countries. By using the service, users understand that data may be processed where LLMtrack or its service providers operate.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If changes are material, we may provide notice through the website, dashboard, or email.

Continued use of LLMtrack after changes means acceptance of the updated policy.

12. Contact

For privacy questions, contact LLMtrack support at:

support@llm-track.com

Before publishing, verify that support@llm-track.com is configured. If it is not configured, ask the project owner for the correct support email before deployment. Do not publish a fake or unreachable support email.