Privacy Policy

1. Information We Collect

We collect information that you provide directly to us, including:

• Account information (email address, password)
• Payment information (processed securely through our payment providers)
• API usage data and logs
• Communication data when you contact us

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process transactions and send related information
• Send technical notices, updates, and support messages
• Monitor and analyze trends, usage, and activities
• Detect, prevent, and address technical issues and fraud

3. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encrypted data transmission (HTTPS/TLS)
• Secure password hashing
• Regular security audits
• Access controls and authentication

4. Data Sharing

We do not sell your personal information. We may share your information with:

• Service providers who assist in our operations
• AI model providers (OpenAI, Anthropic, Google, etc.) to process your API requests
• Law enforcement when required by law

5. Your Rights Under DPDP Act 2023

Under the Digital Personal Data Protection Act 2023 (India), you have the following rights as a Data Principal:

• Right to Information: Access a summary of all personal data we hold about you from your Profile page in the dashboard.
• Right to Correction: Correct inaccurate personal data (name, phone) from your dashboard, or email us.
• Right to Erasure: Delete your account and all associated personal data using the "Delete My Account" option in Security settings. Financial records (transactions) are retained for 7 years as required by Indian tax law.
• Right to Grievance Redressal: Lodge a complaint with our Grievance Officer (see Section 9).
• Right to Nominate: You may nominate another individual to exercise your data rights in the event of your death or incapacity. Contact our Grievance Officer to register a nominee.

To exercise any right, email [email protected].

6. Consent

We collect your explicit consent at registration before processing any personal data. By accepting our Terms of Service and Privacy Policy during signup, you consent to the data processing activities described in this policy.

Withdrawing consent: You may withdraw consent at any time by deleting your account (Security settings in the dashboard) or by emailing [email protected]. Withdrawal of consent will result in account termination. Note: no "legitimate interest" basis is claimed — all processing is based on consent or narrow legal obligations as permitted under the DPDP Act.

7. Cookies and Tracking

We use cookies and similar tracking technologies to:

• Maintain your authenticated session (httpOnly, Secure cookies)
• Remember your preferences
• Analyze site traffic and usage (anonymized where possible)

8. Cross-Border Data Transfers

AICredits acts as a gateway to third-party AI model providers. When you make API requests, your prompt content is routed to one or more of the following Data Processors located outside India:

• OpenAI, LLC — United States
• Anthropic, PBC — United States
• Google LLC (Gemini) — United States
• Mistral AI — France / European Union
• xAI — United States
• DeepSeek — China (usage subject to ongoing legal review)
• Razorpay Software Pvt. Ltd. — India (payment processing)

AICredits is the Data Fiduciary; these providers are Data Processors acting on our instructions. We maintain Data Processing Agreements with each processor. Cross-border transfers are made only to countries not on any Central Government blacklist under the DPDP Act.

Users who set their retention policy to "Metadata Only" in their dashboard will have prompt and response content automatically redacted from our systems, minimizing data exposure to downstream processors.

9. Children's Data

AICredits is intended exclusively for users who are at least 18 years of age. We do not knowingly collect or process personal data of minors. If we become aware that a user is under 18, we will immediately delete their account and associated personal data. If you believe a minor has registered on our platform, please notify us at [email protected].

10. Data Retention

• API request logs: Retained per your account's retention policy. Content (prompts/responses) is redacted after the retention period; metadata (model, token counts, cost) is kept for billing.
• Payment and transaction records: Retained for 7 years as required by Indian GST and financial regulations.
• Audit logs: Retained for 2 years for security and compliance purposes.
• Account data: Retained until account deletion. Upon deletion, all PII is removed; anonymized records may be retained for the periods above.

11. Grievance Officer

In accordance with the Digital Personal Data Protection Act 2023, we have appointed a Grievance Officer to address data-related complaints:

For general privacy enquiries, you may also contact: [email protected]