Privacy Policy

1. Overview

ModelBridge ("we", "us", "our") operates an AI API platform that provides access to large language models from multiple providers through a unified, OpenAI-compatible API endpoint. Our service handles authentication, request routing, usage tracking, billing, and team management on behalf of our users.

This privacy policy explains in detail what data we collect, how and why we process it, how long we retain it, and what rights you have regarding your personal information. It applies to all users of the ModelBridge platform, including the API, the web dashboard at modelbridge.dev, and any associated services.

By creating an account or using our API, you acknowledge that you have read and understood this privacy policy. If you do not agree with our practices, please do not use our services.

2. Data we collect

2.1 Account information

When you create a ModelBridge account, we collect and store:

• Full name and email address (provided via Clerk, our authentication provider)
• Clerk user ID and authentication session tokens
• Account preferences and settings (plan tier, billing mode, spending limits)
• Team memberships, roles, and team-level configurations

2.2 Payment and billing data

When you subscribe to a paid plan or add funds, we process:

• Stripe customer ID and subscription IDs (stored on our servers)
• Transaction history including amounts, dates, and plan changes
• Payment method type (e.g. "Visa ending in 4242") -- for display purposes only

We do not store full credit card numbers, CVVs, or bank account details. All payment processing is handled directly by Stripe, a PCI DSS Level 1 certified payment processor.

2.3 API request and response data

When you make API requests through ModelBridge, we may temporarily store:

• The full request payload (prompts, system messages, conversation history, tool definitions)
• The full response payload (model completions, tool calls, usage statistics)
• Request metadata: HTTP headers, IP address, user agent, request timing
• Model parameters: model name, temperature, max tokens, and other generation settings

This data is stored to enable request debugging, abuse detection, and to resolve billing disputes. It is automatically deleted after the retention period described in Section 3.

2.4 Usage metadata

For every API request, we permanently record the following metadata:

• Timestamp (request start and end time)
• Model name and upstream provider
• Token counts: input tokens, output tokens, cache read tokens, cache write tokens
• Computed cost in USD based on per-token pricing
• API key identifier (hashed, not the raw key)
• User ID and team ID (if the request was made via a team key)
• Request ID (a unique identifier for the request)

This metadata is retained for the lifetime of your account and is used for billing calculations, dashboard analytics, spend charts, and team usage reporting. It does not include the content of your prompts or completions.

3. Data retention

API request and response content (including prompts, completions, and associated payloads) is retained for a maximum of 30 days from the time of the request. After this period, all request/response content is automatically and permanently deleted from our systems. This data cannot be recovered after deletion.

Usage metadata (token counts, costs, timestamps, model names) is retained for the lifetime of your account. This data powers your dashboard analytics, billing calculations, spend-over-time charts, and team usage breakdowns.

Upon account deletion, we remove your personal data and usage metadata within 30 days, except where retention is required for legal, financial, or regulatory compliance purposes (e.g. tax records, fraud prevention).

4. Upstream AI providers

ModelBridge routes your API requests to third-party AI model providers based on the model you select. When a request is routed to an upstream provider, the full request payload (including your prompts, conversation history, and any attached files or images) is transmitted to that provider's API servers for processing. Your use of models from these providers is subject to their respective terms of service and privacy policies.

By using these models through ModelBridge, you acknowledge and agree to comply with the applicable upstream provider terms. ModelBridge is not responsible for how upstream providers handle, store, or process your data beyond what is described in their own policies.

We encourage you to review the linked policies to understand how your data is handled by each provider. Provider terms may change independently of ModelBridge's policies. It is your responsibility to review and accept the terms of any upstream provider whose models you use.

5. Self-hosted and open-source model infrastructure

Open-source and third-party models that are not served by Anthropic or OpenAI are hosted on infrastructure managed directly by ModelBridge or our vetted infrastructure partners. This infrastructure is deployed across the following geographic regions:

• United States -- US-East (Virginia) and US-West (Oregon)
• European Union -- EU-West (Frankfurt, Germany)
• Singapore -- AP-Southeast (Singapore)

These self-hosted models operate under a strict zero data retention policy:

• Request and response content is processed entirely in memory (RAM)
• No prompts, completions, or conversation data is written to disk at any point
• No request content is logged, cached, or persisted after the response is delivered
• Model weights are loaded from read-only storage; inference does not produce persistent artifacts
• GPU memory is cleared between requests; there is no cross-request data leakage

Usage metadata (token counts, costs, timestamps) is still recorded by the ModelBridge platform layer for billing and analytics purposes, as described in Section 3. This metadata does not include the content of your prompts or completions.

Request routing to specific regions is determined automatically based on latency and availability. We do not currently offer region pinning, but all regions operate under the same zero-retention policy.

6. How we use your data

We use the data we collect for the following purposes:

• Service delivery -- To authenticate your requests, route them to the correct model provider, and return responses
• Billing and accounting -- To calculate per-request costs, enforce spending limits, manage prepaid balances, and generate invoices
• Dashboard and analytics -- To display usage charts, activity logs, cost breakdowns, and team spending reports in your dashboard
• Debugging and support -- To investigate and resolve technical issues, failed requests, or billing discrepancies when you contact support
• Abuse prevention -- To detect and prevent misuse of the platform, including unauthorized access, rate limit abuse, and violations of upstream provider acceptable use policies
• Service improvement -- To monitor aggregate platform performance, uptime, and error rates (using anonymized, aggregated data only)

We do not use your API request content (prompts or completions) to train machine learning models, and we do not sell or license your data to any third party for any purpose.

7. Data security

We implement the following security measures to protect your data:

• Encryption in transit -- All API traffic to and from ModelBridge is encrypted using TLS 1.2 or higher. We enforce HTTPS on all endpoints. Connections using older TLS versions or unencrypted HTTP are rejected.
• Encryption at rest -- Data stored in our databases is encrypted at rest using AES-256 encryption provided by our infrastructure.
• API key security -- API keys are stored as SHA-256 cryptographic hashes. We cannot retrieve, view, or reverse your raw API key after creation. If you lose your key, you must generate a new one.
• Authentication -- Dashboard authentication is managed by Clerk, which provides session management, multi-factor authentication support, and device tracking.
• Access controls -- Internal access to production systems is restricted to authorized personnel with role-based permissions. Access is logged and audited.
• Infrastructure isolation -- API processing, database storage, and model inference run on separate, isolated infrastructure components.

Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data using industry-standard practices and promptly addressing any security incidents.

8. Data sharing and third-party services

We do not sell, rent, or trade your personal data or API request content to any third party. Data is shared only in the following limited circumstances:

8.1 Upstream AI providers

When you make an API request, the request payload (prompts, messages, parameters) is forwarded to the upstream model provider you selected (Anthropic, OpenAI, or our self-hosted infrastructure). We do not modify the content of your requests except where necessary for format compatibility. See Section 4 for provider-specific details.

8.2 Payment processing (Stripe)

Billing data including your email, subscription plan, and payment amounts is shared with Stripe for payment processing. Stripe is our sole payment processor and is PCI DSS Level 1 certified.

8.3 Authentication (Clerk)

Account credentials, session data, and authentication events are managed by Clerk. Clerk stores your email, name, and authentication tokens on their infrastructure.

8.4 Legal obligations

We may disclose your data if required by law, subpoena, court order, or other valid legal process. We may also disclose data if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of ModelBridge, our users, or the public.

9. Team accounts and shared data

ModelBridge supports team accounts where multiple users share a billing pool and API keys. The following data visibility rules apply within teams:

• Team owners and administrators can view: aggregated team spend, per-member spend totals, request counts, model usage breakdown, and team billing history
• Team members can view: their own usage within the team, including their personal spend, request history, and activity logs
• No team member (including owners) can view the content of another member's API requests or responses. Prompt and completion content is private to the individual user.

Team API keys are associated with both the team and the individual user who created or used them. Usage from team keys is attributed to the individual user for activity tracking and to the team for billing purposes.

10. International data transfers

ModelBridge operates infrastructure in the United States, European Union, and Singapore. Your data may be transferred to and processed in any of these regions depending on the model you use and server availability.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland: data transfers outside these regions are conducted in compliance with applicable data protection laws, including the use of Standard Contractual Clauses (SCCs) where required.

Upstream providers (Anthropic, OpenAI) may process data in different jurisdictions according to their own data processing agreements and privacy policies.

11. Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of access -- You can view your personal data, usage history, activity logs, and billing information at any time through your ModelBridge dashboard
• Right to rectification -- You can update your name and account settings through the dashboard. Email changes are managed through Clerk
• Right to deletion -- You can request deletion of your account and all associated data. Upon deletion, personal data and usage metadata are removed within 30 days
• Right to data portability -- You can export your usage data via the API or dashboard
• Right to restrict processing -- You can revoke API keys at any time to stop data processing for specific keys
• Right to object -- You can contact us to object to specific data processing activities
• Right to withdraw consent -- Where processing is based on consent, you can withdraw consent at any time by contacting us

To exercise these rights or for any privacy-related questions, contact us at privacy@modelbridge.dev. We will respond to verified requests within 30 days.

12. Children's privacy

ModelBridge is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@modelbridge.dev.

13. Cookies and tracking technologies

ModelBridge uses the following cookies and similar technologies:

• Essential cookies -- Required for authentication, session management, and CSRF protection. These cannot be disabled without breaking core functionality.
• Preference cookies -- Store your dashboard preferences such as theme settings and chart duration selections. These are stored locally in your browser.

We do not use advertising cookies, third-party tracking pixels, fingerprinting, or cross-site tracking of any kind. We do not participate in advertising networks or data broker services.

14. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices, services, or applicable laws. When we make changes:

• Material changes will be communicated via email to all registered users at least 14 days before they take effect
• The "Last updated" date at the top of this page will be revised
• Previous versions of this policy will be archived and available upon request

Continued use of ModelBridge after changes take effect constitutes acceptance of the updated policy.

15. Contact information

For questions, concerns, or requests related to this privacy policy or our data practices, you can reach us at: