logo

Privacy Policy

Last updated: January 15, 2025

SYNTHAI LTD (“we,” “our,” or “us”) operates ApiCheap, an AI API service that provides cost-effective access to premium AI models. This Privacy Policy describes how we handle your information when you use our API services.

Our Core Privacy Commitment: We do not store, retain, or use your API request content, prompts, or AI responses for any purpose.

1. Information We Do NOT Collect or Store

API Content (Zero Storage Policy)

  • User prompts and inputs: We do not store any text, images, or other content you send through our API
  • AI model responses: We do not retain any outputs or responses generated by AI models
  • Conversation history: We do not maintain logs of your API interactions or conversation flows
  • File uploads: Any files processed through our API are handled in memory only and immediately discarded

Training Data Prohibition

  • Your data is never used to train, improve, or develop AI models
  • We never share your content with AI model providers for training purposes
  • Your prompts and responses remain completely private and are not analyzed for any commercial purpose

2. Information We Do Collect

Account Information

  • Email address (for account creation and billing)
  • Account credentials and authentication tokens
  • Billing information (processed securely through third-party payment processors)

Technical Logs (Minimal and Content-Free)

We maintain minimal technical logs for service operation, which include:

  • API endpoint accessed
  • Request timestamp
  • Response status codes (success/error)
  • Request processing time
  • Authentication status
  • IP address (for security and abuse prevention)

Important: These logs contain no user content, prompts, or AI responses. They are automatically purged after 30 days.

Usage Analytics

  • API usage statistics (number of requests, tokens consumed)
  • Error rates and performance metrics
  • Billing and quota information

3. How We Process Your Data

Real-Time Processing Only

  1. Receive: Your API request is received by our secure infrastructure
  2. Route: Request is securely routed to the appropriate AI model provider
  3. Process: AI model processes your request and generates a response
  4. Return: Response is immediately sent back to you
  5. Delete: All content is immediately purged from our systems

Security Measures

  • End-to-End Encryption: All API communications use TLS 1.3 encryption
  • SOC 2 Compliance: Our infrastructure meets enterprise security standards
  • Access Controls: Strict employee access controls with audit logging
  • Network Security: Advanced firewalls and intrusion detection systems
  • Regular Security Audits: Independent third-party security assessments

4. Upstream AI Providers

Data Handling with Third-Party AI Services

When processing your requests, we work with leading AI providers including:

  • OpenAI (ChatGPT, GPT-4, DALL-E)
  • Anthropic (Claude)
  • Google (Gemini)
  • And other premium AI services

Our Agreements with Providers:

  • We have specific data processing agreements that prohibit using your data for training
  • Your requests are processed under enterprise-grade privacy terms
  • We ensure upstream providers do not retain or analyze your content

Provider-Specific Protections

  • All requests are sent through business/enterprise API endpoints
  • We negotiate the strongest available privacy protections with each provider
  • Your data is subject to the most restrictive data handling policies available

5. Data Sharing and Disclosure

We Do Not Share Your Data

  • Zero Third-Party Sharing: We never sell, rent, or share your personal information
  • No Marketing Use: Your data is never used for marketing or promotional purposes
  • No Analytics Sharing: Usage patterns are never shared with external parties

We may disclose minimal information only when:

  • Required by valid legal process (court orders, subpoenas)
  • Necessary to prevent immediate physical harm
  • Required to protect our legal rights or investigate fraud

Note: Any legal disclosure would be limited to account information only - never your API content.

6. Your Rights and Controls

Data Access Rights

  • Account Data: View and update your account information at any time
  • Usage Data: Access your API usage statistics and billing information
  • Data Export: Request a copy of your account data in standard formats

Data Deletion Rights

  • Account Deletion: Delete your account and all associated data at any time
  • Automatic Purging: Technical logs are automatically deleted after 30 days
  • Content Guarantee: API content is never stored, so no deletion is necessary

Regional Compliance

  • GDPR Compliance: Full compliance with European data protection regulations
  • CCPA Compliance: California Consumer Privacy Act protections
  • Global Standards: We meet or exceed international privacy standards

7. Data Location and Transfer

Processing Locations

  • Primary data processing occurs in secure cloud facilities in the United States and Europe
  • All facilities maintain SOC 2 Type II certification
  • Cross-border transfers are protected by appropriate safeguards

Data Residency Options

For enterprise customers, we offer:

  • Regional data processing preferences
  • Specific geographic restrictions on data handling
  • Custom data residency agreements

8. Cookies and Tracking

Website Cookies

Our website uses minimal cookies for:

  • Authentication: Keeping you logged in to your account
  • Preferences: Remembering your dashboard settings
  • Security: Protecting against cross-site request forgery

API Tracking

  • No Behavioral Tracking: We do not track your API usage patterns for advertising
  • No Cross-Service Tracking: Your API usage is not correlated with other services
  • Minimal Analytics: Only essential performance and error metrics

9. Children’s Privacy

Our service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately.

10. Data Breach Response

Incident Response Plan

  • Immediate Detection: 24/7 monitoring for security incidents
  • Rapid Response: Security team activation within 1 hour of detection
  • User Notification: Prompt notification if your data may be affected
  • Transparency: Public incident reports when appropriate

Your Protection

  • Financial Liability: We maintain cyber insurance for data incidents
  • Identity Protection: Credit monitoring services if personal data is compromised
  • Support: Dedicated support during any security incident

11. Privacy by Design

Technical Safeguards

  • Minimal Data Collection: We only collect what’s absolutely necessary
  • Automatic Deletion: Content is deleted by design, not by policy
  • Encryption Everywhere: Data is encrypted in transit and at rest
  • Zero-Knowledge Architecture: Our systems are designed so we cannot access your content

Operational Safeguards

  • Privacy Training: All employees receive comprehensive privacy training
  • Regular Audits: Quarterly internal privacy compliance reviews
  • External Oversight: Annual third-party privacy assessments

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. When we make changes:

  • 30-Day Notice: We’ll notify you at least 30 days before significant changes take effect
  • Email Notification: Updates will be sent to your registered email address
  • Version History: Previous versions will be available for your review
  • Continued Use: Continued use of our service constitutes acceptance of the updated policy

13. Contact Us

Privacy Questions

If you have questions about this Privacy Policy or our privacy practices:

Email: contact@apicheap.ai (Subject: Privacy Inquiry) Mail: SYNTHAI LTD 71-75, Shelton Street, Covent Garden London, WC2H 9JQ, UNITED KINGDOM

Data Protection Officer

For EU users, you can contact our Data Protection Officer at: Email: dpo@apicheap.ai

Response Time

We respond to all privacy inquiries within 48 hours and resolve most issues within 5 business days.

Summary: Our Privacy Promise

Zero Content Storage: Your API requests and responses are never stored ✅ No Training Use: Your data never improves AI models ✅ Enterprise Security: SOC 2 compliant infrastructure ✅ Transparent Processing: Clear data handling with upstream providers ✅ User Control: Full access and deletion rights ✅ Legal Compliance: GDPR, CCPA, and international privacy standards ✅ Incident Response: Comprehensive data breach protection

Your privacy is not just our policy—it’s our architecture. We’ve built our entire system around the principle that your data remains yours, always.