Privacy Policy
Last updated: 2026-06-29
1. Who we are
RouteAll ("we", "us") is operated by APACHE INTERNATIONAL COMMERCE LIMITED. This Privacy Policy explains what personal data we collect, how we use it, and your rights when you use our website, console, and API at routeall.ai.
2. Information we collect
Account: your email address and, if you sign in with Google or GitHub, your provider account identifier. Your password is stored only as a salted argon2id hash — we never store or see it in plaintext. API keys: stored only as a SHA-256 hash and shown to you once at creation; we cannot recover the plaintext. Billing: top-up orders, wallet balances, double-entry ledger records, and any billing address you provide. Usage: the model you call, token/call counts, timestamps, the amount charged, your IP address, and your account/API-key identifiers. Request content: the prompts you send and the responses returned (see §4). Referrals: if you join via a referral link or refer others, the referral relationship.
3. How we use your data
We use your data to: operate and route the Service; meter and bill usage accurately; prevent fraud and abuse (including IP-based rate-limiting and anti-self-referral checks); provide customer support and resolve billing disputes; send essential transactional emails (verification, password reset); and, in aggregate, understand and improve the Service. We do not sell your personal data, and we do not use your prompts or outputs to train our own models.
4. Your prompts, responses, and generated media
To fulfil an API call, your request is forwarded to the upstream AI provider you selected (for example OpenAI, Anthropic, Google, DeepSeek, Alibaba, MiniMax and others). Those providers process the request under their own privacy terms; we forward only what is needed to complete your call. We may retain request and response content for a limited period (by default up to 90 days, configurable and shortenable) solely for abuse prevention, debugging, support, and billing reconciliation. Access to this content is restricted to authorized operators and is logged. We never sell it. Media you generate (images, video, audio) may be stored on our object storage so you have a stable result link tied to your account.
5. Payment processing
Card and Alipay payments are handled by Stripe; USDT payments by NOWPayments. These processors collect your payment details directly under their own privacy policies — we never receive or store full card numbers. We retain only the order amount, status, and a payment reference needed for accounting and dispute handling.
6. Service providers we share data with
We share data only with providers that help us run the Service, and only as needed: upstream AI model providers (to fulfil your calls); Stripe and NOWPayments (payments); Google Analytics (website analytics, only if you consent); Cloudflare Turnstile (bot and abuse prevention at sign-up and top-up); Resend (transactional email); and Alibaba Cloud OSS (storage of media you generate). Each processes data under its own terms. We do not sell data to, or share it with, advertisers.
7. Cookies and analytics
We use strictly necessary local storage and cookies for login, security, and your preferences. Google Analytics loads only after you opt in through our cookie banner, and you can change or withdraw your choice at any time via "Cookie settings". We do not use advertising or cross-site tracking cookies.
8. Data security
We apply industry-standard safeguards: passwords are argon2id hashes, API keys are SHA-256 hashes, upstream provider keys are envelope-encrypted at rest (AES-GCM), and all traffic is served over HTTPS/TLS. Access to internal operator tools is restricted and audited. No method of transmission or storage is perfectly secure, but we work to protect your data and will notify you of a breach where required by law.
9. Data retention
We keep account data while your account is active. Billing and ledger records are retained as required to meet financial, tax, and audit obligations. Request content is retained for the limited period described in §4. When you delete your account, we delete or anonymize your personal data except where we are legally required to retain certain records.
10. Your rights
You may request access to, correction of, export of, or deletion of your personal data, and you may withdraw analytics consent at any time. If you are in the EU/UK, you also have the right to object to or restrict processing and to lodge a complaint with your local data-protection authority. We honor these requests subject to legal and billing-record retention obligations.
11. International transfers & children
We operate globally, and your data (including prompts sent to providers) may be processed in countries other than your own; we rely on appropriate safeguards for such transfers. The Service is not directed to children under 16, and we do not knowingly collect their data.
12. Changes and contact
We may update this Policy from time to time; we will revise the "Last updated" date and, for material changes, provide notice. For any privacy request or question, contact APACHE INTERNATIONAL COMMERCE LIMITED at privacy@routeall.ai.