Last updated: February 8, 2026

Privacy Policy

1. Information We Collect

Account Information

When you create an account, we collect your email address and a hashed password. Authentication is handled by Supabase Auth.

Request Logs

When you use Proxle to proxy LLM requests, we log:

  • Request and response headers (with sensitive headers sanitized)
  • Request and response bodies
  • Provider, model, and endpoint information
  • Timestamps and latency measurements
  • Token counts and calculated costs
  • Custom metadata you attach to requests

Usage Analytics

We collect aggregate usage metrics to improve the Service, including request counts, error rates, and feature usage patterns.

2. How We Use Information

  • Service delivery: Providing request logging, caching, cost tracking, and analytics
  • Account management: Authentication, billing, and support
  • Service improvement: Understanding usage patterns to improve features
  • Security: Detecting and preventing abuse

3. What We Don't Store

Provider API keys are never stored. Your LLM provider keys (e.g., OpenAI API keys) are passed through to the provider in real-time and discarded immediately after the request. The only exception is the optional provider credentials feature for request replay, which requires explicit opt-in and is encrypted at rest.

4. Data Retention

Request logs and associated data are retained based on your plan:

  • Free plan: 7 days
  • Pro plan: 90 days
  • Team plan: 1 year

After the retention period, data is automatically deleted. Account data is retained until you delete your account.

5. Data Security

  • Encryption in transit: All connections use HTTPS/TLS
  • Encryption at rest: Database encryption via Supabase
  • Password hashing: Passwords are hashed using bcrypt
  • API key hashing: Proxle keys are hashed before storage
  • Credential encryption: Provider credentials for replay are encrypted using AES-256 (Fernet)
  • Header sanitization: Sensitive headers are removed before logging

6. Third-Party Services

We use the following third-party services:

  • Supabase: Authentication and database hosting
  • Vercel: Frontend hosting and deployment
  • Railway: Backend hosting and deployment
  • Sentry: Error tracking and monitoring (no personal data)

7. Cookies

We use only essential cookies required for authentication (Supabase Auth session cookies). We do not use tracking cookies or third-party advertising cookies.

8. Your Rights

You have the right to:

  • Access: View all data associated with your account through the dashboard
  • Export: Export individual requests as cURL, Python, or JavaScript
  • Deletion: Delete your account and all associated data from Settings > Account
  • Correction: Update your account information

For GDPR requests or to exercise your privacy rights, contact us at privacy@proxle.dev.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top reflects the most recent revision.

10. Contact

For questions about this Privacy Policy, contact us at privacy@proxle.dev.