Privacy Policy

Account data. When you create an account we collect your email address, name, and authentication credentials provided through our identity provider (Clerk).

Usage metadata. We record request counts, model selections, latency metrics, and error codes to operate and improve the service. This metadata never includes prompt or completion content.

Billing data. Payment information is processed by our payment provider (Polar). We do not store full card numbers on our systems.

We use the information we collect to:

• Provide, maintain, and improve the Routera platform
• Authenticate your identity and manage your account
• Process payments and enforce usage limits
• Send transactional communications (receipts, alerts)
• Detect abuse, fraud, and security incidents

We do not sell your personal data. We do not use your data to train machine learning models.

We share data only with the minimum set of sub-processors required to operate the service:

• Upstream model providers — receive the request payload you send, subject to their own privacy policies.
• Clerk— authentication and identity management.
• Convex— backend infrastructure and database.
• Polar— payment processing.

We may also disclose information when required by law or to protect the rights and safety of our users.

API traffic: Zero retention. Prompts, completions, and all model I/O are never stored.

Account data: Retained while your account is active. You may request deletion at any time.

Usage metadata: Aggregated metrics may be retained for up to 90 days for operational purposes, then automatically purged.

All data in transit is encrypted via TLS 1.2+. Access to internal systems is protected by role-based access controls. We conduct regular security reviews of our infrastructure.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

• Access— request a copy of the personal data we hold about you.
• Rectification— correct inaccurate or incomplete data.
• Erasure— request deletion of your personal data.
• Restriction— restrict processing of your data in certain circumstances.
• Portability— receive your data in a structured, machine-readable format.
• Objection— object to processing based on legitimate interests.

Our legal basis for processing is contractual necessity (providing the service you signed up for) and legitimate interest (security and fraud prevention). Because we maintain a zero data retention policy for API traffic, the scope of personal data we hold is minimal.

To exercise any of these rights, contact us at privacy@routera.one. We will respond within 30 days.

Our company is registered in Romania, EU. Infrastructure may be hosted in the European Union or other regions. If your data is processed outside the EEA, we rely on standard contractual clauses and our zero-retention architecture to safeguard cross-border transfers in compliance with GDPR.

We use strictly necessary cookies for authentication and session management. We do not use advertising or tracking cookies.

Routera is not directed to individuals under the age of 16. We do not knowingly collect data from children.

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. Continued use of the service after changes constitutes acceptance.

Routera (WAVEDIGITALWEB SRL)
Strada Liliacului, Deva, Hunedoara, Romania
Email: privacy@routera.one