Our Privacy Policy

1. Introduction

Costimized ("we," "us," or "our") operates as an LLM API cost optimization service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 Account Information

  • Email address and account credentials
  • Organization name and contact details
  • Billing information (processed securely via PayStack)
  • Team member information and roles

2.2 Usage Data

  • API request metadata (timestamp, model, token counts)
  • Request patterns and frequency analysis
  • Optimization performance metrics
  • Error logs and technical diagnostics

2.3 Technical Information

  • IP addresses and device identifiers
  • Browser type and version
  • Operating system information
  • Access logs and session data

3. What We DON'T Collect

We explicitly DO NOT collect, store, or access:

  • Your actual prompts or conversations
  • LLM responses or generated content
  • Your provider API keys (OpenAI, Anthropic)
  • Personal data within your LLM requests

4. How We Use Your Information

4.1 Service Provision

  • Optimize your LLM API costs through caching and routing
  • Provide usage analytics and savings reports
  • Enable account management and billing
  • Deliver technical support and service improvements

4.2 Communication

  • Send service updates and security notices
  • Provide customer support responses
  • Share usage reports and optimization insights
  • Process billing and subscription communications

4.3 Analytics and Improvement

  • Analyze aggregate usage patterns (anonymized)
  • Improve optimization algorithms
  • Enhance service performance and reliability
  • Develop new features and capabilities

5. Information Sharing and Disclosure

5.1 We Never Share

  • Individual customer data with third parties
  • Proprietary optimization insights or patterns
  • Personal information for marketing purposes
  • Data with competitors or unauthorized parties

5.2 Limited Disclosure

We may disclose information only in these circumstances:

  • Legal Requirements: Court orders, subpoenas, regulatory requests
  • Service Providers: Trusted vendors (hosting, payment processing) under strict contracts
  • Business Transfer: In case of merger, acquisition, or asset sale with appropriate safeguards
  • Safety Protection: To prevent fraud, abuse, or security threats

6. Data Security

6.1 Technical Safeguards

  • End-to-end encryption for all data transmission
  • Secure cloud infrastructure with enterprise-grade protections
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance (in progress)

6.2 Access Controls

  • Multi-factor authentication requirements
  • Role-based access permissions
  • Regular access reviews and deprovisioning
  • Employee background checks and training

6.3 Data Retention

  • Account data: Retained while account is active + 90 days
  • Usage metadata: 2 years for optimization improvements
  • Billing records: 7 years for tax and legal compliance
  • Cached data: Configurable TTL (default 30 days, max 1 year)

7. Your Rights and Choices

7.1 Access and Control

  • View and download your usage data via dashboard
  • Update account information and preferences
  • Configure data retention and optimization settings
  • Export usage reports and analytics

7.2 Data Rights (GDPR/CCPA)

  • Access: Request copies of your personal data
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request removal of your data (subject to legal retention)
  • Portability: Export your data in machine-readable formats
  • Opt-out: Withdraw consent for non-essential processing

7.3 Marketing Communications

  • Unsubscribe from promotional emails
  • Opt out of product updates and newsletters
  • Configure notification preferences in dashboard

8. Cookies and Tracking

8.1 Essential Cookies

  • Session management and authentication
  • Security and fraud prevention
  • Service functionality and preferences

8.2 Analytics Cookies

  • Usage statistics and service improvement
  • Performance monitoring and error tracking
  • A/B testing for feature optimization

8.3 Cookie Control

  • Browser settings to control cookie acceptance
  • Dashboard preferences for analytics cookies
  • Third-party cookie policies apply to integrated services

9. International Data Transfers

9.1 Data Location

  • Primary data processing in the United States
  • Backup and disaster recovery in secure global facilities
  • Compliance with applicable international data transfer laws

9.2 Transfer Safeguards

  • Standard Contractual Clauses for EU data transfers
  • Adequacy determinations where applicable
  • Additional safeguards for sensitive data transfers

10. Children's Privacy

Costimized is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will delete the information immediately.

11. Changes to This Policy

11.1 Updates

We may update this Privacy Policy to reflect:

  • Changes in our data practices
  • New legal requirements
  • Service enhancements or modifications
  • User feedback and industry best practices

11.2 Notification

  • Email notification for material changes
  • Dashboard notification and consent requests
  • 30-day advance notice for significant modifications
  • Continued use constitutes acceptance of updates

12. Contact Information

founders@costimized.com
