Privacy Policy

Modelith(“Modelith”, “we”, “us”) provides a runtime cost-governance plane for autonomous AI agents. This Privacy Policy explains what we collect, why we collect it, the third parties that process it on our behalf, and the choices you have over your data when you use our website, dashboard, and API.

The service is built for two modes of operation: you can route traffic with your own provider keys (BYOK, “Bring Your Own Key”) or with Modelith platform routing. Data handling differs between these modes, as described in the section on information we collect.

For the purposes of applicable privacy law, Modelith is the data controller for account data, billing data, and the routing metadata described below. When you use BYOK and your prompts travel directly to a third-party provider, you remain the controller of that content; Modelith acts as a technical processor only for the routing metadata required to operate the service, such as session identifiers, complexity scores, and token counts.

We process data on the lawful basis of contract performance (providing the service you signed up for), legitimate interest (securing the service, preventing abuse, and improving routing quality), and legal obligation (tax, billing, and compliance recordkeeping) as applicable in your jurisdiction.

Account data. Email address, password hash, plan tier, account preferences, account creation timestamp, last login timestamp, and the billing identifiers Paddle returns to us (customer ID, subscription ID, and transaction history metadata).

API routing metadata.For every routing call we process: request timestamp, model and provider selected, input and output token counts, estimated cost in USD, complexity score (1–10), latency in milliseconds, response status, escalation flags, and the session identifier when you use governor features. We retain this metadata to bill you, debug routing decisions, and surface usage analytics in the dashboard.

Prompt and completion content. By default we do not persist full prompt or model response text in primary request logs. Optional product surfaces (dashboard chat history, semantic cache, and evaluation traces when explicitly enabled) may store content you send through those surfaces; the relevant toggle is shown in dashboard settings, and content under those surfaces is bound to your account and deletable from the dashboard.

Provider keys (BYOK).API keys you add to your account are encrypted at rest with Fernet (AES–128–CBC in CBC mode with HMAC–SHA256 authentication) before they are written to the database. We do not log key material, do not return it in API responses, and do not include it in error reports.

Support communications. When you email us, the contents of your message, the email headers, and any files you attach are retained to resolve your request and to maintain a transactional record.

Website and security logs. Standard server logs (IP address, user agent, request path, response status) for a rolling 30-day window for security, abuse prevention, and capacity planning. Design partner and waitlist submissions are stored in a separate, access-controlled table.

• Provide, secure, and improve the routing API and dashboard
• Enforce plan limits, wallet balances, and acceptable use
• Process payments and subscriptions through Paddle
• Send transactional email: account, billing, security, and budget alerts
• Detect and prevent abuse, fraud, and unauthorized access
• Respond to valid legal requests and enforce our agreements
• Produce aggregate, de-identified analytics about platform usage

We share data only with subprocessors that operate the service. The current list of subprocessors is:

• Paddle.com Market Limited (United Kingdom). Merchant of Record. Processes payments, issues invoices, files sales tax and VAT, and operates the customer portal. Receives billing contact and transaction data per the Paddle privacy policy.
• OpenRouter (United States). Upstream aggregator for platform routing. Receives prompts and parameters required to fulfill your API requests when you use platform routing. When you use BYOK, your prompts go directly to the underlying model provider and OpenRouter is not in the path.
• Railway (United States / Canada). Hosts the Modelith API, worker processes, and the primary PostgreSQL database.
• Vercel (United States). Hosts the marketing site and dashboard frontend at modelith.cloud.
• Resend (United States). Transactional email delivery for account, billing, security, and budget-alert messages. Receives the recipient address and the rendered email body.
• Upstash Redis (United States). Optional managed Redis used for rate limiting, governor state, and response cache. Stores counters and session fingerprints, not prompt content.

Each subprocessor is bound by a written data processing agreement that limits use of personal data to the purposes we instruct. We do not sell personal information to any party for any purpose.

The dashboard sets a single first-party authentication cookie (modelith_token) that carries a signed JWT. The same token is mirrored to localStorage so that client-side code can attach it to API requests without reading the cookie on every call. The marketing site does not set any cookie for anonymous visitors.

We do not use third-party advertising cookies. We do not embed analytics trackers that follow users across other sites. The full inventory of cookies and local storage is in the Cookie Policy.

Routing metadata retention is governed by the data_retention_hours server setting (default 0, meaning metadata is purged immediately after the request is settled) and the per-user override on the user record. The override is available to all paying customers; a value of 0 means purge immediately, a positive value N means retain for N hours, and the maximum permitted value is 2,160 hours (90 days).

Account data is retained while the account is active and for up to 7 years afterward as required for tax, billing, and legal recordkeeping. Design partner applications are retained for 24 months. Support emails are retained for 24 months. Audit log entries are retained for 13 months. Encrypted provider keys are deleted within 24 hours of account deletion.

Modelith operates from Algeria and uses infrastructure providers in the United States and Canada. When you use the service from outside those jurisdictions, your data is transferred to and processed in the United States and Canada. We rely on the European Commission’s Standard Contractual Clauses (SCCs) and equivalent UK international data transfer agreement (IDTA) for transfers from the European Economic Area, the United Kingdom, and Switzerland to jurisdictions that have not received an adequacy decision.

Where required, you may request a copy of the relevant transfer mechanism by emailing privacy@modelith.cloud.

Depending on your location, you may have some or all of the following rights with respect to your personal data:

• Access: request a copy of the personal data we hold about you
• Correction: request that we correct inaccurate or incomplete data
• Deletion: request that we delete your personal data, subject to legal retention obligations
• Portability: receive a machine-readable export of the data you provided to us
• Objection or restriction: object to or request restriction of certain processing
• Opt-out of sale: we do not sell personal data, so this right is not applicable

To exercise any of these rights, email privacy@modelith.cloudfrom the address on file. We respond to verified requests within 30 days. EU and UK residents may also lodge a complaint with the relevant supervisory authority; California residents may contact the California Privacy Protection Agency.

Modelith complies with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), the UK GDPR, the California Consumer Privacy Act as amended by the CPRA, and equivalent privacy frameworks. We do not knowingly sell or share personal information for cross-context behavioural advertising. We do not collect sensitive personal information as defined under CPRA.

Modelith does not currently hold formal third-party certifications (SOC 2 Type II, ISO 27001). The Trust Center documents the engineering controls we apply today and the certifications we have on the public roadmap.

We apply encryption in transit (TLS 1.2 or higher on all public endpoints), encryption at rest for provider keys (Fernet) and the primary database (disk-level encryption provided by the infrastructure vendor), per-key rate limits, scoped API permissions, and audit logging of authentication and account events. The full security posture is documented in the Security page. Report concerns to security@modelith.cloud.

Modelith is not directed at children under 16 (or under 13 in the United States, as defined by COPPA). We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, email privacy@modelith.cloud and we will delete the data within 7 days.

We may update this Privacy Policy. Material changes will be announced by email to active subscribers at least 30 days before the change takes effect and will be reflected in the “Last updated” date at the top of the page. Non-material changes (clarifications, typo fixes, contact updates) are effective immediately on publication. Continued use after the effective date of any change constitutes acceptance of the updated policy.