Back to Home

Privacy Policy

Last Updated: May 9, 2026

1. Overview

This Privacy Policy describes how Revelry AI ("Revelry", "we", "us") collects, uses, discloses, and safeguards personal information when you use our website at revelry-api.com, our API gateway service, dashboards, and related services (collectively, the "Services").

By using the Services you acknowledge that you have read and understand this Policy. If you do not agree, please do not use the Services.

This Policy applies to information we collect as a data controller. When you submit personal data of third parties through the Services, you act as the controller and we act as a processor on your behalf; in that case your own privacy notice and applicable law govern that processing.

2. Information We Collect

2.1 Information You Provide

  • Account data: username, email address, hashed password, role, and account status.
  • Billing data: top-up amounts, payment method indicators (Alipay or PayPal transaction identifiers), invoice information, and usage-derived charges. We do not store full card numbers.
  • Support communications: content of messages you send to support, including attachments.
  • Content submitted to the Services: prompts, instructions, files, and other inputs you send when invoking Models through the API ("Customer Content").

2.2 Information We Collect Automatically

  • Usage data: timestamps, API keys used, model called, input and output token counts, status codes, request duration, HTTP headers, and IP address.
  • Device and log data: browser type, operating system, referrer URL, and interactions with the dashboard.
  • Cookies and similar technologies: session cookies used for authentication and security. We do not use third-party advertising cookies.

2.3 Information From Third Parties

  • Payment providers (Alipay, PayPal): confirmation of transaction status, masked payer details.
  • Model providers: usage metering returned for your requests.
  • Email delivery providers (Amazon SES): delivery, bounce, and complaint signals for messages we send to you.

3. How We Use Information

We use personal information for the following purposes:

  • to provide, operate, and maintain the Services, including authenticating you, routing API requests, and metering usage;
  • to process top-ups, calculate charges, prevent payment fraud, and issue refunds;
  • to send transactional communications (verification codes, account notices, billing alerts, security alerts);
  • to detect, prevent, and respond to abuse, fraud, security incidents, and violations of our Terms;
  • to improve the reliability and performance of the Services through aggregated analytics (such as latency histograms and error rates) that do not target individuals;
  • to comply with legal obligations, respond to lawful requests from authorities, and enforce our agreements;
  • for any other purpose with your consent.

We do not use Customer Content to train our own models. We do not sell personal information.

5. How We Share Information

We share information only as described below:

  • Model providers (Anthropic, OpenAI, Amazon Web Services, Meta, DeepSeek, and others) to fulfill your API requests. Customer Content is transmitted to these providers subject to their terms and privacy practices.
  • Infrastructure providers (Amazon Web Services) that host the Services and store data.
  • Payment processors (Alipay, PayPal) to collect top-ups and issue refunds.
  • Email and communications providers (Amazon SES) to deliver transactional messages.
  • Professional advisors (lawyers, accountants, auditors) bound by confidentiality.
  • Authorities and third parties when required by law, court order, or to protect our rights, the rights of others, or the security of the Services.
  • In the event of a merger, acquisition, or sale of assets, to the successor entity, subject to equivalent privacy commitments.

6. International Data Transfers

The Services are operated from AWS servers located outside of Mainland China, Hong Kong, and Macau, with backups in Amazon S3. Upstream Model providers operate from various regions including the United States, Europe, and Asia Pacific. When you use the Services, your information may be transferred to, stored, and processed in countries other than your own.

Where applicable law requires, we implement appropriate safeguards for international transfers, including standard contractual clauses and equivalent protections.

7. Data Retention

We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.

  • Account data: retained while your account is active and for up to twelve (12) months after closure, then deleted or anonymized.
  • Request and response logs: retained for up to ninety (90) days for operational, security, and billing dispute purposes, then deleted or aggregated.
  • Customer Content (prompts and outputs): retained in logs no longer than ninety (90) days; we do not build persistent conversation histories unless you explicitly opt in.
  • Billing records: retained for seven (7) years or as required by applicable tax and accounting law.
  • Bounce and complaint records from email delivery: retained for up to two (2) years to maintain sender reputation.

8. Security

We implement reasonable technical and organizational measures to protect personal information, including: encryption in transit with TLS, hashed passwords (argon2id), encrypted storage of third-party API keys, access controls, rate limiting, application-layer monitoring, network-layer rate limiting with iptables, automatic security updates, and regular backups.

No system is perfectly secure. You are responsible for safeguarding your account credentials and API keys and for notifying us immediately if you suspect compromise. We will notify you and relevant regulators of security incidents as required by applicable law.

9. Your Rights

Depending on where you live, you may have the following rights regarding your personal information:

  • Access: obtain a copy of the personal information we hold about you.
  • Correction: request correction of inaccurate or incomplete information.
  • Deletion: request deletion, subject to retention obligations and legitimate interests.
  • Restriction or objection: restrict or object to certain processing.
  • Portability: receive your information in a machine-readable format.
  • Withdrawal of consent: withdraw consent where processing is based on consent.
  • Complaint: lodge a complaint with your supervisory authority.

To exercise these rights contact privacy@revelry-api.com. We may ask you to verify your identity before acting on a request. We will respond within thirty (30) days or such shorter period as required by law.

10. Children's Privacy

The Services are not directed to children under 18. We do not knowingly collect personal information from children under 18. If you believe a child has provided us personal information, contact privacy@revelry-api.com and we will delete it.

11. Cookies and Local Storage

We use strictly necessary cookies and browser local storage for authentication sessions, CSRF protection, and to remember your language preference (English or Chinese). We do not use advertising, tracking, or profiling cookies, and we do not embed third-party analytics that track individuals.

You can disable cookies in your browser, but doing so may prevent you from logging in or using the dashboard.

13. Changes to This Policy

We may update this Policy from time to time. Material changes will be announced via the Services or email at least fourteen (14) days before taking effect. The "Last Updated" date at the top indicates when this Policy was last revised. Your continued use of the Services after changes take effect constitutes acceptance of the updated Policy.

14. Contact

Questions, requests, or complaints about this Policy may be directed to privacy@revelry-api.com.