TC
CacheGateway

Privacy Policy

Last updated: May 16, 2026

Introduction

CacheGateway LLC ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI Gateway platform and services.

Information We Collect

Account Information

When you create an account, we collect your email address, name, and password. This information is used to provide you with access to our platform and communicate with you about your account.

Provider API Keys (BYOK)

We operate on a Bring-Your-Own-Keys model. When you register a provider API key (e.g., your OpenAI key), we store only a SHA-256 hash of the key — never the plaintext key, and no recoverable copy of any kind. The hash is one-way: it cannot be reversed to recover your key.

On each request, the gateway hashes the incoming Authorization header, matches that hash against our database to identify your Lane, and forwards your original, unmodified key directly to the upstream provider. The plaintext key exists only in memory for the duration of that single request. We never store, log, replay, or expose your provider keys outside of this single-request pass-through, and revoking a key in the cockpit removes its hash immediately. See our BYOK Security Disclosure for the full data-flow breakdown.

API Request Data

We collect and process metadata about your API requests, including request/response payloads, model selections, provider, token counts, cost, latency, and cache status. This data is used to provide analytics, debugging, and quota enforcement. Your request data is used solely to deliver our services. We do NOT train AI models on your data and do NOT share request payloads with third parties beyond the AI model provider you target with each request.

Usage Information

We automatically collect information about how you interact with our platform, including API calls, provider usage patterns, token consumption, response times, and system logs. This helps us improve our services and provide technical support.

Payment Information

Payment processing is handled by secure third-party providers (Stripe). We do not store your complete credit card information on our servers.

How We Use Your Information

  • To provide, operate, and maintain our AI Gateway services
  • To route your API requests to appropriate AI model providers
  • To monitor and analyze AI agent behavior and performance
  • To provide debugging, observability, and cost optimization features
  • To communicate with you about your account and services
  • To provide technical support and respond to your inquiries
  • To improve our platform and develop new features
  • To detect and prevent fraud, abuse, and security issues
  • To comply with legal obligations and enforce our terms

Data Security

We implement industry-standard security measures to protect your data, including:

  • End-to-end encryption for data in transit and at rest
  • Secure infrastructure hosted on enterprise-grade cloud providers
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Automated backups and disaster recovery procedures

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Data Retention

We retain account-level information for as long as your account is active. API request logs and per-request metadata follow tier-based retention:

  • Free: 7 days
  • Starter: 30 days
  • Pro: 90 days
  • Scale: 365 days

Daily usage aggregates (total request counts and costs per day, no payload contents) are retained for billing and analytics purposes for the lifetime of your account. You may request deletion of your data at any time by contacting us at privacy@cachegateway.com; we will delete request logs within 30 days and aggregates within 90 days unless required to retain longer by law (e.g., tax records).

Data Sharing and Disclosure

We do not sell your personal information. We rely on the following third-party processors to deliver our service, all governed by their own privacy policies:

  • Cloudflare: Edge compute (Workers), database (D1), key-value cache (KV), object storage (R2), queues, and vector search (Vectorize). Cloudflare's privacy policy: cloudflare.com/privacypolicy
  • Clerk: Authentication, user management, session tokens. Clerk's privacy policy: clerk.com/privacy
  • Stripe: Payment processing, billing, subscription management. We never see or store your full credit card details. Stripe's privacy policy: stripe.com/privacy
  • AI Model Providers: Your API requests are forwarded to the AI provider you target (OpenAI, Anthropic, Google AI — plus any other provider we add later) using your own provider API key. Each provider's data handling is governed by their respective terms and privacy policy.
  • Legal Requirements: When required by law, regulation, or valid legal process (court order, subpoena).
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, in which case the acquiring entity will be bound by this Privacy Policy as it stood at the time of transfer.

Regional Privacy Rights (GDPR / CCPA)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) provides you with specific rights regarding your personal data, including access, rectification, erasure, portability, and the right to object to processing. We process your data based on contractual necessity (to provide the service you signed up for) and legitimate interest (security, fraud prevention, analytics).

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the right to know what personal information we collect, to delete it, and to opt out of any sale (we do not sell personal information). We do not use sensitive personal information for any purpose beyond providing the service.

To exercise any regional privacy right, contact privacy@cachegateway.com. We will respond within 30 days.

Your Rights

You have the right to:

  • Access and receive a copy of your personal information
  • Correct inaccurate or incomplete information
  • Request deletion of your personal information
  • Object to or restrict certain processing of your information
  • Export your data in a portable format
  • Withdraw consent where we rely on consent for processing

To exercise these rights, please contact us at privacy@cachegateway.com.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of our services after changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

CacheGateway LLC
Email: privacy@cachegateway.com
Support: support@cachegateway.com