Privacy Policy

CheapLLM (“we”, “us”, “our”) is a software service that enables users to access large language model APIs at reduced cost. Our website is cheapllm.net.

For questions about your data or to exercise your rights, contact us at contact [at] this domain.

We collect the following categories of personal data:

• —Account data: Email address, name, hashed password (or OAuth identity). Required to create and maintain your account.
• —API keys: Provider API keys you voluntarily provide. Stored encrypted (AES-256). Never logged or exposed.
• —Usage data: Prompts submitted, provider and model selected, token counts, response times, and estimated costs. Stored to power your dashboard.
• —Billing data: Handled entirely by Stripe. We do not store card numbers or full payment details.
• —Analytics data (optional, with consent): Anonymised page-view and interaction data via Vercel Analytics. No cross-site tracking or advertising profiles.

• —Contract performance (Art. 6(1)(b)): Account data and usage data are processed to deliver the service you signed up for.
• —Legitimate interests (Art. 6(1)(f)): Service security, fraud prevention, and product improvement.
• —Consent (Art. 6(1)(a)): Optional analytics cookies. You can withdraw consent at any time via Cookie Preferences in the footer.
• —Legal obligation (Art. 6(1)(c)): Tax and invoicing records as required by applicable law.

We use the following cookies:

Your third-party provider API keys (OpenAI, Anthropic, etc.) are:

• —Encrypted at rest with AES-256
• —Decrypted only in-memory when submitting a request on your behalf
• —Never logged or stored in plaintext
• —Never shared with or sold to third parties
• —Deletable by you at any time from Settings

We share your data only as strictly necessary:

• —LLM providers (OpenAI, Anthropic, etc.) — to submit your prompts using your own API keys
• —Stripe — to process subscription payments
• —Neon (PostgreSQL) — encrypted database hosting
• —Vercel — hosting and anonymised analytics

We do not sell your data. We do not use your data for advertising.

You can configure automatic deletion of job results: Never, 7 days, 30 days, or 90 days after completion, from your account settings.

If you delete your account, all personal data (jobs, results, API keys, settings) is permanently deleted within 24 hours.

Database backups are retained for up to 30 days for disaster-recovery purposes only and are not accessible outside of that context.

If you are in the European Economic Area (EEA) or United Kingdom, you have the following rights:

• —Right of Access (Art. 15): Request a copy of all personal data we hold about you. Export your data from Account Settings.
• —Right to Rectification (Art. 16): Update your account information at any time from Settings.
• —Right to Erasure (Art. 17): Delete your account and all associated data at any time. Permanent deletion within 24 hours.
• —Right to Restriction (Art. 18): Ask us to restrict processing of your data while a complaint is pending.
• —Right to Data Portability (Art. 20): Export your job history and results as CSV or JSON from your dashboard.
• —Right to Object (Art. 21): Object to processing based on legitimate interests.
• —Right to Withdraw Consent: For optional analytics cookies, withdraw consent at any time via Cookie Preferences in the footer.

To exercise any of these rights, email us at contact [at] this domain. We will respond within 30 days.

You also have the right to lodge a complaint with your local Data Protection Authority.

For privacy questions, data requests, or to exercise your rights: