Privacy Policy
Last updated: July 16, 2026
This policy explains what PORDL collects, what we deliberately do not collect, where your request content goes, and the rights you have over your data.
1. What we do not collect
Prompt and completion content is never logged. Request and response bodies pass through our servers in memory for the duration of the request; cached responses are held only in a short-lived (≤1 hour) cache — keyed by a one-way hash, used solely to serve identical requests — and then auto-expire. Our usage records contain metadata only (see section 3).
2. Where your request content goes
To serve a request, PORDL forwards your message content to the model provider selected for that request. Providers that may receive request content:
| Provider | Serves | Processing location |
|---|---|---|
| OpenAI, L.L.C. | gpt-4o-mini, gpt-4o, gpt-5.4 | United States |
| DeepSeek (Hangzhou DeepSeek Artificial Intelligence Co., Ltd.) — official DeepSeek API | deepseek-v4-flash, deepseek-v4-pro | People's Republic of China |
| Anthropic, PBC | wired in the provider layer; models pending | United States |
| Google LLC | wired in the provider layer; models pending | United States |
| Groq, Inc. (content-safety screening — Llama Guard) | all requests, classification only | United States |
Every request also passes through an automated content-safety check before it is forwarded to any provider. Screening uses Meta's Llama Guard classifier served by Groq, Inc. (United States); message content is processed transiently for classification only.
Each provider handles content under its own terms and privacy policy. If you route to a specific model by name, your content goes to that model's provider.
3. What we collect
Account data
- Email address and a salted hash of your password (never the password itself).
- API keys are stored as SHA-256 hashes; we cannot recover a lost key.
- Your Acceptable Use Policy acceptance and 18-or-older confirmation, with timestamp.
Usage metadata (per request)
- Timestamp, API key ID, provider and model used, input/output token counts, cost, latency, routing mode, cache status.
Safety and security events
- When the content-safety check flags a request: timestamp, key ID, flagged category, and the action taken. The content itself is not stored.
Billing
- Payments are processed by Stripe, Inc. We store your Stripe customer ID and subscription tier; we never see or store card numbers. See Stripe's privacy policy.
4. Retention
| Data | Retention |
|---|---|
| Prompt / completion content | Never logged; identical-request response cache ≤1 hour, then auto-expires |
| Usage metadata | 12 months, then deleted or aggregated |
| Safety / security event metadata | 12 months |
| Server logs (IP, request path, status) | 30 days |
| Account data | Until you delete your account, then removed within 30 days |
5. How we use data
- Operating the Service: routing, metering, billing, rate limiting.
- Safety: enforcing the Acceptable Use Policy and preventing abuse.
- Service communication: account and billing notices. We do not sell your personal information, and we do not use your content to train models.
6. California privacy rights (CCPA/CPRA)
PORDL is a California business. If you are a California resident, you have the right to: (a) know the categories and specific pieces of personal information we collect (sections 2–3); (b) request deletion of your personal information; (c) correct inaccurate personal information; (d) opt out of the sale or sharing of personal information — we do not sell or share personal information as defined by the CCPA; and (e) not be discriminated against for exercising these rights. To exercise any of these rights, email privacy@pordl.dev from your account email. We respond within 45 days.
7. Security
Transport encryption (TLS) on all endpoints, hashed credentials and API keys, and access controls on production data stores. No system is perfectly secure; we will notify affected users of any breach as required by law.
8. Changes and contact
Material changes to this policy will be announced on this page with an updated effective date. Questions: privacy@pordl.dev.