Privacy Policy

Last updated: January 29, 2026

1. Introduction

This Privacy Policy describes how EndpointAI ("we", "us", or "our") collects, uses, and protects your information when you use our Service. We are committed to protecting your privacy and handling your data responsibly.

2. Information We Collect

We collect the following types of information:

  • Account Information: Name, email address, and encrypted password when you register
  • Payment Information: Payment details are processed by Razorpay. We store transaction IDs and subscription status but do not store card numbers or bank details
  • Usage Data: API call counts, token usage, timestamps, and model selections for billing and analytics
  • Technical Data: IP address, browser type, and device information for security and service improvement

3. How We Use Your Information

  • To provide and maintain the Service
  • To process payments and manage subscriptions
  • To monitor usage and enforce rate limits
  • To send important service notifications (billing, security, maintenance)
  • To improve the Service and develop new features
  • To prevent fraud and ensure security

4. API Request Data

We do not store the content of your API requests (prompts) or API responses beyond what is necessary for real-time processing. Your prompts and completions are not used to train any AI models. We only log metadata such as token counts, model used, and timestamps for billing and usage tracking.

5. Data Storage & Security

Your data is stored in Google Firebase Firestore with encryption at rest and in transit. Passwords are hashed using bcrypt. API keys are generated using cryptographically secure methods. We implement industry-standard security measures to protect your data from unauthorized access, alteration, or destruction.

6. Third-Party Services

We use the following third-party services:

  • Google Firebase: Database and infrastructure hosting
  • Razorpay: Payment processing (subject to Razorpay's privacy policy)

These services have their own privacy policies and data handling practices. We only share the minimum data necessary for these services to function.

7. Data Retention

Account data is retained as long as your account is active. Usage logs are retained for up to 90 days for billing and analytics. Payment records are retained as required by applicable tax and financial regulations. You may request deletion of your account and associated data at any time.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Export your usage data
  • Withdraw consent for non-essential data processing

9. Cookies

We use essential cookies for authentication (JWT tokens stored in cookies). We do not use tracking cookies or third-party advertising cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. The "Last updated" date at the top reflects the most recent revision.

11. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at support@aiapi.com.