Skip to content
jusInfer
Legal

Privacy Policy

Last updated 2026-05-29

Privacy Policy

Effective date: 2026-05-29

This Privacy Policy describes how Kalmantic ("we", "us", "our") collects, uses, and shares your data when you use the jusInfer platform, API, and website (the "Service"). It supplements our Terms of Service.

Plain-English summary. We collect the minimum we need to authenticate you, bill you, and route your API calls. We do not sell your data. We do not train models on your prompts. Upstream LLM providers we route to have their own data policies. You can delete your account and your data anytime from the dashboard.

1. What we collect

Account data

When you sign up via Google or Microsoft single sign-on, your identity provider passes us:

  • Your email address
  • Your display name (if your account exposes it)
  • A unique user identifier (Firebase UID)

We do not receive or store your password.

Billing data

When you purchase credits or a seat subscription, Stripe processes the payment. We receive:

  • Your customer ID (Stripe-issued)
  • Invoice ID, amount, currency, status
  • For presentment-currency support: the local amount and currency (e.g. INR paisa, USD cents)

We do not receive or store your full credit card number, CVV, or bank credentials. Stripe handles those.

Usage data

For every API call you make:

  • The selected model id (the one you sent or the one our router picked)
  • Prompt tokens, completion tokens, latency, country (from request headers)
  • Tenant id, user id (for per-user attribution and soft caps)
  • A request id (for support and debugging)
  • The first ~500 characters of any error message returned by an upstream provider

We do not log full prompts or model responses in standard operation. If you opt into AI Gateway analytics (see Section 4), the prompt and response payloads are logged in Cloudflare AI Gateway under your jusInfer account.

Telemetry

We collect anonymized aggregate metrics (request counts per region, error rates, model distribution) to operate and improve the Service. These metrics do not identify individual users.

Cookies

See our Cookie Policy.

2. How we use your data

We use your data to:

  • Operate the Service: authenticate sign-ins, route API requests, enforce quotas, render the dashboard
  • Bill accurately: compute charges, send receipts, process refunds
  • Communicate with you: send transactional emails (welcome, invoice, account changes, security alerts) and — only if you opt in — marketing emails
  • Improve the Service: analyze aggregate routing patterns to tune model selection, identify outages, plan capacity
  • Comply with law: respond to lawful requests from authorities, enforce our Terms, prevent fraud and abuse

We do not:

  • Use your prompts or model responses to train Kalmantic-owned models
  • Sell your data to advertisers or data brokers
  • Share your data with third parties except as described in Section 4

3. Legal basis (GDPR / UK GDPR)

If you are in the EEA, UK, or Switzerland, our legal basis for processing your data is:

  • Performance of a contract — for everything required to deliver the Service you signed up for
  • Legitimate interest — for security, fraud prevention, and aggregate analytics
  • Consent — for marketing emails and non-essential cookies (you can withdraw at any time)
  • Legal obligation — for tax records, fraud reports, and lawful disclosure requests

4. Sharing your data

We share data with these categories of third parties, only to the extent necessary:

RecipientWhatWhy
Firebase / Google CloudEmail, name, UIDAuthentication
StripeCustomer/invoice/payment dataPayment processing
CloudflareRequest metadata, IP address (transit-only)DNS, CDN, edge compute (Workers + D1 + KV)
Cloudflare AI GatewayPer-request metadata (tenant id, user id, model)Cost analytics + retry/fallback policies
Upstream LLM providers (DeepSeek, Workers AI, OpenRouter, others we add)The contents of your API requestsTo generate the response. Each provider has its own data policy.
ResendEmail address, message bodyTransactional email delivery
Government / law enforcementAccount or usage dataOnly when required by valid legal process

Important: when we route your request to an upstream LLM provider, that provider receives your prompt. Each upstream has its own privacy and data-retention policy. We route by default to providers with reasonable policies, but we cannot control how a third-party LLM provider processes data once it leaves jusInfer. For workloads with strict data-residency requirements, contact us — we can pin routing to a specific upstream.

We do not sell personal information as defined under the California Consumer Privacy Act ("CCPA") or any other applicable law.

5. International data transfers

jusInfer runs on Cloudflare's global edge network. Your data may be processed in any region where Cloudflare operates, including the United States, Europe, Asia, and elsewhere. Upstream LLM providers may also process data in regions outside your home country.

For transfers from the EEA/UK to the United States or other "third countries", we rely on Standard Contractual Clauses or equivalent transfer mechanisms.

6. Retention

DataRetention
Account dataUntil you delete your account, plus 30 days for backup recovery
Billing records7 years (tax law)
Usage telemetry (aggregated)24 months
Per-request usage logs (tenant, model, tokens)13 months
Pre-registration entriesUntil reviewed, then either converted to an account or kept for 12 months for waitlist analysis
Support correspondence24 months after the issue closes

When you delete your account, we delete or anonymize your data within 30 days, except where law requires longer retention (e.g. tax records).

7. Your rights

Regardless of where you live, you can:

  • Access your data via the dashboard
  • Correct your account profile from the dashboard
  • Delete your account from the dashboard (instructions at /developer/)
  • Export your usage data and invoices via the dashboard

If you're in the EEA/UK/Switzerland or California, you also have these rights:

  • Right to portability — receive your data in a machine-readable format
  • Right to restrict or object to certain processing
  • Right to withdraw consent at any time for consent-based processing
  • Right to lodge a complaint with your local data protection authority

To exercise any of these rights, email privacy@jusinfer.com. We will respond within 30 days.

If you are in California, the CCPA gives you additional rights including the right to opt out of "sale" of personal information. We do not sell personal information, so there is nothing to opt out of, but you can exercise your other CCPA rights by emailing the same address above.

8. Children's privacy

The Service is not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact privacy@jusinfer.com and we will delete it.

9. Security

We use industry-standard safeguards including:

  • TLS for all data in transit
  • AES at rest (via Cloudflare D1 and KV)
  • Hashed API keys (we store SHA-256 of the token, never the plaintext)
  • Firebase Authentication for sign-in
  • Stripe PCI-DSS-compliant payment processing
  • Principle of least privilege for internal access

No system is perfectly secure. If we discover a breach that affects your personal data, we will notify you within 72 hours where required by law.

10. Automated decision-making (GDPR Article 22)

jusInfer routes API requests between upstream LLM providers using rule-based heuristics (input length, reasoning hints, tool count, output budget). This routing decision is automated but has no legal or similarly significant effect on you as a person — it only determines which provider serves a given technical request. Under GDPR Article 22, this kind of routing does not trigger the right not to be subject to automated decision-making.

If we add automated systems that make decisions with legal or similarly significant effects on you (e.g. fraud-prevention auto-suspension), we will:

  • Update this section to disclose the system
  • Provide human review on request
  • Honor your right to contest the decision

Contact privacy@jusinfer.com to request human review of any automated decision.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced via email or dashboard notice at least 14 days before they take effect.

12. Contact

Email privacy@jusinfer.com with any privacy-related question or request. For our EU representative or DPO (when applicable), email the same address.

Kalmantic operates jusInfer. This Privacy Policy was last updated on 2026-05-29.