Privacy Policy
Review how GetRouter handles privacy and personal information.
GetRouter Privacy Policy
Last Updated: July 5, 2026
GetRouter ("GetRouter", the "Platform", "we", "us", or "our") provides AI API aggregation, routing, wallet top-up, usage metering, API key management, and related software-as-a-service features (the "Service"). This Privacy Policy explains how we collect, use, store, disclose, transfer, and protect personal information and related data when you access or use the Service.
If you have questions about this Privacy Policy or wish to exercise privacy rights, use the contact methods listed in Section 14.
1. Scope and Geographic Notice
This Privacy Policy applies to users who access the Service from supported jurisdictions outside mainland China, Hong Kong, and Macau. If you are located in an unsupported, sanctioned, or restricted jurisdiction, you must not register for, pay for, or use the Service.
For compliance, fraud prevention, security, payment, and operational purposes, we may process information such as IP address, account region declarations, payment metadata, login activity, and API usage metadata to determine eligibility and enforce geographic, sanctions, payment, or risk-control restrictions.
2. Information We Collect
2.1 Account Information
When you register or use the Service, we may collect your email address, username or nickname, encrypted password or authentication credentials, account ID, login status, account settings, language or theme preferences, and security-related account information.
2.2 Payment and Billing Information
Payments are processed by the payment processor or Merchant of Record shown at checkout, which may include Waffo Pancake or another payment service provider. We do not directly store your full card number, CVV, security code, bank account password, or complete payment credentials.
We may receive and store payment-related metadata necessary to operate the Service, including order ID, transaction ID, payment status, payment amount, currency, top-up amount, refund status, invoice or receipt references, checkout session ID, fraud review status, chargeback information, and timestamps.
2.3 API Usage Metadata
To provide billing, quota deduction, troubleshooting, abuse prevention, service monitoring, and compliance review, we may collect API usage metadata such as account ID, API key identifier, model name, request time, response status, error code, latency, input token count, output token count, usage cost, IP address, and similar operational logs.
2.4 API Request and Response Content
GetRouter acts as an AI API gateway and forwarding service. To deliver the Service, your API request content may be temporarily processed and forwarded to third-party AI model providers, and model responses may be temporarily processed and returned to you.
By default, we do not use your API request content or model response content to train AI models, and we do not sell such content. We generally do not retain request bodies or model response bodies long-term unless necessary for troubleshooting, security investigation, abuse prevention, dispute handling, legal compliance, or features you explicitly enable, such as logging, tracing, or history.
Third-party AI model providers may process your request content, response content, and related metadata under their own terms, privacy policies, and technical systems.
2.5 Support Communications
If you contact us, we may process your email address, account identifiers, support messages, attachments you voluntarily provide, billing references, error screenshots, logs, and other information needed to respond to your request.
2.6 Cookies and Local Storage
We may use cookies and local storage for login sessions, account security, CSRF protection, language preferences, theme preferences, and basic console functionality. You can clear cookies through your browser settings, but disabling necessary cookies may prevent login or account management features from working correctly.
3. How We Use Information
We use information for the following purposes:
Creating, authenticating, securing, and managing user accounts;
Providing API forwarding, model routing, quota metering, and billing records;
Processing top-ups, payment confirmations, refunds, invoices, receipts, and billing disputes;
Detecting abuse, fraud, stolen credentials, chargeback abuse, attacks, and policy violations;
Maintaining service availability, troubleshooting errors, and improving reliability;
Communicating service notices, security alerts, payment notices, and support responses;
Complying with legal, tax, accounting, sanctions, payment network, and regulatory obligations;
Enforcing the GetRouter Terms of Service and third-party provider requirements.
4. Third-Party Service Providers
We may share necessary information with third-party service providers only to the extent needed to provide, secure, bill, support, and improve the Service. These providers may include:
Payment processors and Merchants of Record, including Waffo Pancake where applicable: payment checkout, payment processing, tax handling, receipts, refunds, fraud review, and payment disputes;
Third-party AI model providers: processing API requests and returning model outputs;
Cloud hosting, database, and infrastructure providers: hosting, storage, backups, networking, and system operations;
CDN and security providers: traffic acceleration, DDoS mitigation, firewall rules, bot detection, and security monitoring;
Email and communication providers: account verification, security notices, support replies, and service notifications;
Monitoring and logging providers: error diagnosis, service reliability, and security investigation.
Third-party AI model providers and payment processors may process data under their own terms, privacy policies, compliance obligations, and technical systems. You should review applicable third-party terms when relevant to your use case.
5. Legal Bases for Processing
Where applicable data protection laws require a legal basis, we process information based on one or more of the following:
Performance of a contract, including account creation, API forwarding, billing, quota management, and customer support;
Your consent, where required for optional features or specific processing activities;
Compliance with legal, tax, accounting, sanctions, export control, regulatory, or payment obligations;
Legitimate interests, including fraud prevention, security, troubleshooting, service improvement, dispute handling, and protection of users or third parties;
Protection of vital interests or public interests where permitted by law and necessary.
6. Cross-Border Data Transfers
GetRouter serves users internationally. Our infrastructure, payment processors, AI model providers, cloud providers, security providers, monitoring tools, and support tools may be located in different countries or regions. As a result, your information may be transferred to, stored in, or processed outside your country or region.
Where required by applicable law, we will use reasonable safeguards for cross-border transfers, such as encryption in transit, access controls, data processing agreements, standard contractual clauses, or other appropriate transfer mechanisms.
7. Data Retention
We retain information only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required for legal, tax, accounting, billing, refund, dispute, security, fraud prevention, or compliance reasons.
Basic account information: generally retained while your account is active and for a reasonable period after closure;
API keys and credentials: retained while active and invalidated after deletion or account closure;
API usage metadata: generally retained for service operation, billing, troubleshooting, fraud prevention, and security purposes;
Payment and billing records: retained as needed for tax, accounting, refund, chargeback, fraud prevention, and compliance purposes;
Support and dispute records: retained as needed to resolve support issues, appeals, legal claims, or payment disputes;
Security incident records: retained as needed for investigation, mitigation, audit, and compliance.
When information is no longer needed, we will delete, anonymize, or de-identify it where reasonably practicable.
8. Data Security
We use reasonable technical and organizational measures to protect information, including HTTPS/TLS transmission, password hashing, access controls, credential management, logging restrictions, infrastructure hardening, risk monitoring, and security incident response processes.
No internet service can be guaranteed to be completely secure. You are responsible for protecting your account password, API keys, access tokens, devices, and integrated systems. If you suspect unauthorized access or credential leakage, contact us immediately through the contact methods listed in Section 14.
9. Your Privacy Rights
Depending on your jurisdiction, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information. You may also have the right to withdraw consent, opt out of certain uses, or complain to a competent data protection authority.
To exercise privacy rights, use the contact methods listed in Section 14. We may ask you to verify your identity before processing your request. We may refuse or limit requests where permitted by law, including where data must be retained for billing, tax, fraud prevention, security, legal claims, payment disputes, chargebacks, or compliance obligations.
10. No Sale of Personal Information
We do not sell your personal information. We do not use your API request content or model response content for cross-context behavioral advertising. If our practices change in the future, we will update this Privacy Policy and provide any legally required choices.
11. Minors
The Service is intended only for users who are at least 18 years old or the age of majority in their jurisdiction. We do not knowingly collect personal information from minors. If we learn that a minor has used the Service, we may suspend the account and delete or restrict relevant data where appropriate.
12. Third-Party Links and Services
The Service may link to third-party websites, payment pages, AI model providers, documentation, communities, or tools. Their privacy practices are governed by their own policies. We are not responsible for third-party privacy practices except where applicable law requires otherwise.
13. Changes to This Privacy Policy
We may update this Privacy Policy for legal, compliance, payment, technical, security, operational, or business reasons. Material changes will be announced through the website, console, email, or other reasonable means where practicable.
Continued use of the Service after changes take effect means you accept the updated Privacy Policy. If you do not agree to the updated Privacy Policy, you must stop using the Service.
14. Contact Us
For privacy, data protection, support, billing, refund, legal, or security requests, contact us through:
Email: [email protected]
Telegram: @getrouterai
By registering, adding funds, purchasing credits, creating an API key, making API calls, or continuing to use the Service, you acknowledge that you have read and understood this Privacy Policy.