Privacy Policy

Last updated: July 16, 2026

This policy explains what PORDL collects, what we deliberately do not collect, where your request content goes, and the rights you have over your data.

1. What we do not collect

Prompt and completion content is never logged. Request and response bodies pass through our servers in memory for the duration of the request; cached responses are held only in a short-lived (≤1 hour) cache — keyed by a one-way hash, used solely to serve identical requests — and then auto-expire. Our usage records contain metadata only (see section 3).

2. Where your request content goes

To serve a request, PORDL forwards your message content to the model provider selected for that request. Providers that may receive request content:

ProviderServesProcessing location
OpenAI, L.L.C.gpt-4o-mini, gpt-4o, gpt-5.4United States
DeepSeek (Hangzhou DeepSeek Artificial Intelligence Co., Ltd.) — official DeepSeek APIdeepseek-v4-flash, deepseek-v4-proPeople's Republic of China
Anthropic, PBCwired in the provider layer; models pendingUnited States
Google LLCwired in the provider layer; models pendingUnited States
Groq, Inc. (content-safety screening — Llama Guard)all requests, classification onlyUnited States

Every request also passes through an automated content-safety check before it is forwarded to any provider. Screening uses Meta's Llama Guard classifier served by Groq, Inc. (United States); message content is processed transiently for classification only.

Each provider handles content under its own terms and privacy policy. If you route to a specific model by name, your content goes to that model's provider.

3. What we collect

Account data

Usage metadata (per request)

Safety and security events

Billing

4. Retention

DataRetention
Prompt / completion contentNever logged; identical-request response cache ≤1 hour, then auto-expires
Usage metadata12 months, then deleted or aggregated
Safety / security event metadata12 months
Server logs (IP, request path, status)30 days
Account dataUntil you delete your account, then removed within 30 days

5. How we use data

6. California privacy rights (CCPA/CPRA)

PORDL is a California business. If you are a California resident, you have the right to: (a) know the categories and specific pieces of personal information we collect (sections 2–3); (b) request deletion of your personal information; (c) correct inaccurate personal information; (d) opt out of the sale or sharing of personal information — we do not sell or share personal information as defined by the CCPA; and (e) not be discriminated against for exercising these rights. To exercise any of these rights, email privacy@pordl.dev from your account email. We respond within 45 days.

7. Security

Transport encryption (TLS) on all endpoints, hashed credentials and API keys, and access controls on production data stores. No system is perfectly secure; we will notify affected users of any breach as required by law.

8. Changes and contact

Material changes to this policy will be announced on this page with an updated effective date. Questions: privacy@pordl.dev.