Privacy Policy

This Privacy Policy describes how RouterShift ("we", "us", or "our") collects, uses, stores, and shares your personal information when you use our website, API, and related services (collectively, the "Services"). We are committed to protecting your privacy and handling your data in a transparent and responsible manner. Please read this policy carefully to understand our practices regarding your personal data.

We collect several categories of information: (a) Account Information — your name, email address, company name, and account credentials when you register; (b) Payment Information — billing address and payment method details (processed securely by our payment processor; we do not store full credit card numbers); (c) Usage Data — API request logs including timestamps, model names, token counts, request metadata, and IP addresses; (d) User Content — the prompts, messages, files, and other content you submit to the API for processing; (e) Device Information — browser type, operating system, device identifiers, and approximate location inferred from IP address; (f) Communication Data — records of your communications with our support team, including emails and chat logs.

We use your information for the following purposes: to provide, maintain, and improve the Services; to process your transactions and manage your account; to authenticate your API requests and enforce usage limits; to communicate with you about your account, including billing notices and service updates; to detect, prevent, and investigate fraud, abuse, and security incidents; to comply with legal obligations and enforce our Terms of Service; to analyze usage patterns and improve the performance and reliability of the Services; and to send you marketing communications (with your consent, where required by law). We do not use your User Content to train AI models.

We share your information only in the following circumstances: (a) With AI Providers — when you make API requests, your prompt content is transmitted to the third-party AI provider serving that model, solely for the purpose of generating a response; (b) With Service Providers — we engage trusted third-party providers for payment processing, cloud hosting, analytics, and customer support, who are contractually bound to protect your data; (c) For Legal Reasons — we may disclose information if required by law, court order, or governmental regulation, or to protect the rights, property, or safety of RouterShift, our users, or the public; (d) With Your Consent — we may share information with third parties when you direct us to do so; (e) Business Transfers — in connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We use cookies and similar tracking technologies on our website to authenticate sessions, remember preferences, analyze usage patterns, and deliver relevant content. You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Services. We use essential cookies for authentication and session management, analytics cookies to understand how users interact with the Services, and preference cookies to remember your settings (such as language and theme). We do not use tracking cookies for advertising purposes.

We implement industry-standard technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS 1.3) and at rest (AES-256), access controls with multi-factor authentication for administrative systems, regular security audits and penetration testing, network monitoring and intrusion detection systems, and secure software development practices with regular dependency updates. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

We retain your personal information for as long as your account is active or as needed to provide the Services. API request logs are retained for 90 days for debugging and billing purposes, after which they are aggregated or deleted. User Content submitted to the API is processed in real-time and is not persistently stored beyond what is required to generate and return a response (typically milliseconds), unless you explicitly enable logging features. Billing and payment records are retained for the period required by applicable tax and accounting regulations. Upon account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

Depending on your jurisdiction, you may have certain rights regarding your personal data: (a) Access — request a copy of the personal data we hold about you; (b) Rectification — request correction of inaccurate or incomplete data; (c) Deletion — request deletion of your personal data ("right to be forgotten"); (d) Portability — request a copy of your data in a structured, machine-readable format; (e) Objection — object to processing of your data for direct marketing or legitimate interest purposes; (f) Restriction — request restriction of processing under certain circumstances. To exercise any of these rights, contact us at privacy@routershift.com. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority.

The Services enable access to third-party AI model providers. When you use a model, your prompt content is transmitted to the applicable provider in accordance with that provider's privacy policy and data handling practices. We encourage you to review the privacy policies of the AI providers whose models you use. RouterShift is not responsible for the privacy practices of third-party providers. Additionally, our website may contain links to third-party websites and services. We do not control and are not responsible for the content or privacy practices of linked websites.

RouterShift is based in the United States, and your information may be processed and stored in the United States or other countries where our service providers operate. These jurisdictions may have data protection laws that differ from those in your country. When we transfer personal data across borders, we implement appropriate safeguards in accordance with applicable law, including Standard Contractual Clauses (SCCs) approved by the European Commission, and we ensure that recipients of your data provide an adequate level of protection.

The Services are not directed to individuals under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us immediately at privacy@routershift.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services. When we make material changes, we will notify you by email (to the address associated with your account) and/or by posting a prominent notice on our website. The "Last updated" date at the top of this policy indicates when it was most recently revised. We encourage you to review this policy periodically. Your continued use of the Services after any changes constitutes your acceptance of the updated Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: by email at privacy@routershift.com; or through the contact form in the console. For data protection inquiries specific to the European Economic Area (EEA), United Kingdom, or Switzerland, you may contact our EU Representative at eu-representative@routershift.com.