Privacy Policy

1. Information We Collect

When you create a CostLayer account, we collect your email address, name, and payment information (processed securely via Stripe). When you connect AI API providers, we collect read-only usage and billing metadata from your OpenAI, Anthropic, and Google AI accounts.

We do not collect, store, or access your API prompts, completions, conversation content, or any data processed through your AI API calls. CostLayer only reads billing and usage metadata.

2. How We Use Your Information

We use your information to provide and improve the CostLayer service, including displaying cost dashboards, generating model swap recommendations, calculating spend forecasts, and sending budget alert notifications. We also use anonymised, aggregated data to improve our algorithms and product.

3. Data Security

All API keys are encrypted at rest using AES-256-GCM. We use read-only API scopes exclusively and enforce TLS 1.3 for all data in transit. Our infrastructure is hosted on secure cloud providers with regular security audits. SOC 2 compliance is on our roadmap.

4. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. We may share data with service providers who assist in operating our platform (e.g., Stripe for payments, cloud hosting providers) under strict data processing agreements.

5. Data Retention

We retain your account data and usage history for as long as your account is active. Upon account deletion, we remove all personally identifiable information within 30 days. Anonymised, aggregated data may be retained indefinitely for product improvement.

6. Your Rights

You have the right to access, correct, or delete your personal data at any time. You can export your data in CSV or JSON format from your dashboard settings. To request full data deletion, contact us at hello@costlayer.ai.

7. Cookies

CostLayer uses essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies. Analytics data is collected in aggregate using privacy-respecting tools.

8. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes via email or through a notice on our website. Your continued use of CostLayer after changes constitutes acceptance of the updated policy.

9. Contact

If you have questions about this privacy policy or our data practices, contact us at hello@costlayer.ai.