Home/Privacy Policy

Privacy Policy

How we protect and handle your data

Last Updated: November 25, 2025

Welcome to ThriftyAI ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your data. This Privacy Policy explains how we collect, use, and share your personal information when you use our AI Gateway, Semantic Caching, and related services (the "Service").

By using ThriftyAI, you agree to the collection and use of information in accordance with this policy.

1. Data Controller

For the purposes of the General Data Protection Regulation (GDPR) and the Law on Protection of Personal Data No. 6698 (KVKK) of the Republic of Türkiye, the Data Controller is:

ThriftyAI
[Şirket Adresi veya Şehir Buraya - Örn: Istanbul, Türkiye]
Contact: [contact@thriftyai.email]

2. Information We Collect

A. Account Information

When you sign up, we collect:

  • Email address
  • Name / Username
  • Authentication data (via Google or GitHub providers)

B. Usage and API Data (The Core Service)

Since ThriftyAI acts as an AI Gateway and Caching layer, we process the following:

  • Prompts and Completions: We store the text inputs (prompts) and AI outputs to provide our Semantic Caching feature. This data is converted into vector embeddings.
  • ThriftyAI API Keys: We generate and store virtual API keys for you to authenticate with ThriftyAI. Important: We do NOT store your AI provider API keys (OpenAI, Anthropic, etc.). These keys are only used to forward requests to providers and pass through our system without being stored.
  • Logs: We collect metadata about your requests (latency, token usage, timestamps, error rates) to provide Analytics and Usage dashboards.

C. Payment Information

We do not store your credit card details. All payments are processed by our Merchant of Record, Lemon Squeezy. We only receive transaction status, subscription details, and tax-related info necessary to activate your account.

3. How We Use Your Information

We use your data for the following purposes:

  • To Provide the Service: To route your AI requests, cache responses for cost savings, and manage your API budget.
  • To Improve Performance: Using usage data to optimize our caching algorithms and gateway latency.
  • Security & Compliance: To detect "Prompt Injection" attacks and, if enabled by you, to perform PII Redaction (masking sensitive data like credit cards or emails before they reach AI providers).
  • Communication: To send you transactional emails (invoice, quota alerts) or product updates.

4. Data Sharing and Third Parties

We do not sell your data. We share data only with the following sub-processors to run the service:

  • AI Providers: (e.g., OpenAI, Anthropic) – Only the prompts you send are forwarded to them to generate responses (unless a Cache Hit occurs).
  • Database & Hosting: (e.g., Supabase, Vercel) – To store logs, vectors, and host the application.
  • Payments: (Lemon Squeezy) – To process subscriptions and taxes.

5. International Data Transfers

ThriftyAI operates globally. Your data may be transferred to and processed in servers located outside of your country (e.g., USA, EU). By using the service, you consent to this transfer. We rely on Standard Contractual Clauses (SCCs) and adequate security measures to protect your data during transfer.

6. Your Rights (GDPR & KVKK)

Under Turkish Law (KVKK) and GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of incorrect data.
  • Request deletion of your data (Right to be Forgotten).
  • Object to the processing of your data.
  • Purge Cache: You have the specific tool within our dashboard to manually purge/delete cached entries associated with your account.

To exercise these rights, please contact us at [contact@thriftyai.email].

7. Data Retention

We retain your API logs and cached data for as long as your account is active or as needed to provide you with the Service (e.g., for the cache to be effective). You can configure the "Cache TTL" (Time-To-Live) in your settings to control how long data remains valid.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.