1. Summary
Modelux is a developer tool operated by Modelux, Inc. We collect the minimum data required to operate the Service, proxy your API traffic, authenticate you, bill accurately, and provide analytics. We do not sell your personal data, and we do not use your Inputs, Outputs, or request logs to train machine-learning models.
This policy describes what we collect, how we use it, who we share it with, how long we keep it, and the rights you have over it. It applies to everyone who uses modelux.ai, app.modelux.ai, or any Modelux API.
2. What We Collect
2.1 Account Data
- Name and email address (via Google OAuth or passwordless email).
- Organization name, slug, and membership/role information.
- Billing details — processed by Stripe; we receive only a customer ID, subscription state, and invoice metadata.
2.2 Provider Credentials
Third-party Provider API keys and IAM credentials you add to Modelux. Encrypted at rest using envelope encryption with keys held in a managed KMS. Decrypted only in-process to sign outbound requests to the corresponding Provider. Never logged in plaintext.
2.3 Request Traffic
For every request you route through Modelux, we record:
- Timestamp, model, provider, project, API key used.
- Token counts and computed per-request cost.
- Latency measurements (time-to-first-token, total latency).
- Status code and error class on failures.
- Routing decision trace (which attempts ran, why).
- Tags you explicitly set on the request.
We also store the request and response payloads (the "Inputs" and "Outputs") per the retention window in your plan. Enterprise customers may disable payload retention entirely while still getting metrics.
2.4 Service Telemetry
- Pages viewed in the dashboard and marketing site.
- Approximate location (derived from IP) for fraud detection and latency debugging.
- Browser/client user-agent.
- Email deliverability events (opened, bounced) for transactional messages.
We do not use third-party ad-tech trackers or fingerprinting.
3. How We Use Data
- Operate the Service — authenticate you, route requests, compute cost, enforce budgets, generate analytics.
- Bill accurately and prevent abuse.
- Detect, investigate, and respond to security incidents.
- Communicate — transactional messages (login links, budget alerts, receipts) and, with your opt-in, product announcements.
- Improve the Service — internal debugging, reliability, and feature development.
- Comply with legal obligations.
4. Legal Bases (EEA/UK)
For users in the EEA and UK, our legal bases under GDPR/UK GDPR are:
- Contract — to provide the Service you signed up for.
- Legitimate interests — to secure the Service, prevent fraud, and improve our product.
- Consent — for optional marketing emails; you can withdraw at any time.
- Legal obligation — to comply with tax, accounting, and law-enforcement requirements.
5. Training
Modelux does not use your Inputs, Outputs, request logs, or
telemetry to train, fine-tune, or evaluate any machine-learning
model — ours or a third party's. Once a request reaches a
Provider, that Provider's data-handling policy governs; we pass
through any "no-training" flags the SDK supports (e.g.,
OpenAI's user field or Anthropic's zero-data-retention
flag) where you enable them.
6. Sub-processors
We share data with sub-processors strictly as necessary to operate the Service. Current sub-processors:
| Sub-processor | Purpose | Data |
|---|---|---|
| OpenAI, Anthropic, Google, AWS Bedrock, Microsoft Azure, Groq, Fireworks | LLM inference providers | Request payloads you explicitly route to them, using your credentials |
| Amazon Web Services | Cloud hosting, Postgres, object storage | All operational data |
| ClickHouse Cloud | Analytics database | Request logs and metrics |
| Stripe | Payment processing | Billing name, email, payment method, invoice line items |
| SendGrid | Transactional email | Email address, message content |
| Cloudflare | CDN, DNS, DDoS protection | Request metadata, IP addresses |
We maintain data-processing agreements with each sub-processor. The current list is kept up to date at this page; we notify Enterprise customers of material changes at least 30 days in advance.
7. International Transfers
Modelux is based in the United States and our infrastructure is primarily hosted there. For transfers of personal data from the EEA, UK, or Switzerland we rely on Standard Contractual Clauses or equivalent safeguards. Enterprise customers may request region-specific deployment.
8. Retention
| Data | Retention |
|---|---|
| Account profile, org membership | Until account deletion |
| Request logs (payloads) | 7 / 30 / 60 / 90+ days (Free / Pro / Team / Enterprise) |
| Analytics aggregates | 13 months rolling |
| Billing records | 7 years (tax law) |
| Audit log entries | Matches log retention tier; Enterprise configurable |
| System backups | 30 days |
On account deletion we remove or anonymize personal data within 30 days, subject to backup rotation and legal hold.
9. Security
- TLS 1.2+ required for all traffic to Modelux.
- Provider credentials encrypted at rest via envelope encryption with KMS-managed keys.
- Access to production systems restricted to named engineers, protected by SSO + hardware keys, audit-logged.
- Automated vulnerability scanning on dependencies and container images.
- Incident-response runbook with documented escalation and customer-notification commitments.
If we discover a breach that affects your data, we will notify affected customers without undue delay and at most within 72 hours of confirmation, consistent with GDPR Article 33 and equivalent laws.
10. Your Rights
Depending on your jurisdiction, you may have rights to:
- Access — get a copy of your personal data.
- Correct — fix inaccurate data.
- Delete — request erasure (subject to legal exceptions).
- Port — receive your data in a machine-readable format.
- Object / restrict — object to certain processing or restrict it.
- Withdraw consent — where processing is consent-based.
- Lodge a complaint — with your local data-protection authority.
Much of this is self-service in the dashboard. For anything else, email privacy@modelux.ai. We respond within 30 days.
11. California Residents (CCPA/CPRA)
We do not "sell" personal information as defined under the CCPA/CPRA, and we have not in the past 12 months. We disclose personal information to sub-processors as described in Section 6 for the purposes described in Section 3. You have the rights listed in Section 10; contact us at the address there to exercise them.
12. Children
Modelux is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us data, email us and we will delete it.
13. Changes
We may update this policy from time to time. Material changes will be announced by email or dashboard notice at least 14 days before taking effect. The "Last updated" date above indicates the most recent revision.
14. Contact
- Privacy: privacy@modelux.ai
- Security incidents: security@modelux.ai
- General inquiries: hello@modelux.ai