ROVOAPI
Get Started
AboutTerms of ServicePrivacy PolicySupport

privacy

Privacy Policy

Last Updated: June 2026

RovoAPI ("we", "us", "our", or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

1. Information We Collect

Account Information

  • Email address and username
  • Password (encrypted)
  • Company/organization name
  • Payment method details (processed by third-party providers)
  • Phone number (optional)

Usage Data

  • API requests (model, tokens, timestamps)
  • API key identifiers
  • IP address and user agent
  • Error logs and performance metrics
  • Dashboard activity logs

Cookies and Tracking

  • Session cookies (authentication)
  • Analytics cookies (usage patterns, via Google Analytics)
  • You can disable cookies in browser settings

2. What We Do NOT Store

Critical Privacy Commitment:

  • ❌ We do NOT store your prompts or messages
  • ❌ We do NOT store API responses
  • ❌ We do NOT share your data with upstream providers (Claude, GPT, DeepSeek)
  • ❌ We do NOT use your data for model training

We only act as a transparent pass-through relay. Your prompts are sent directly to the upstream provider you selected, and responses are sent back to you. We neither inspect nor retain them.

3. How We Use Your Information

We use collected information to:

  • Provide the service — route requests, manage accounts
  • Billing — calculate costs, process payments
  • Security — detect fraud, abuse, unauthorized access
  • Improvements — analyze usage patterns, optimize routing
  • Communication — send service updates, support responses
  • Legal compliance — respond to lawful requests

4. Legal Basis for Processing (GDPR)

For EU users, we process data based on:

  • Contractual necessity — to provide the service
  • Legitimate interest — fraud prevention, security
  • Legal obligation — tax, law enforcement compliance
  • Your consent — marketing communications (opt-in)

5. Data Retention

  • Account data — retained while account is active + 90 days after termination
  • Usage logs — retained for 12 months for billing and support
  • Payment data — retained per payment processor's schedule (1-7 years)
  • Backups — may contain historical data for recovery purposes

You can request data deletion at any time (subject to legal holds).

6. Data Sharing

We share data only with:

  • Upstream providers — only the requests you explicitly send (Claude, GPT, etc.)
  • Payment processors — Stripe, Alipay (encrypted)
  • Analytics services — Google Analytics (anonymized)
  • Legal authorities — if required by law or court order
  • Service providers — hosting, email, support tools (under confidentiality agreements)

We do NOT sell your data to third parties.

7. International Data Transfers

Our servers are located in:

  • China (Aliyun Shanghai) — for API processing
  • US (Vercel) — for web frontend
  • Singapore — backup region

If you are in the EU, your data is transferred to these regions. We rely on Standard Contractual Clauses for GDPR compliance.

8. Security Measures

We implement:

  • HTTPS encryption (TLS 1.3)
  • API key hashing and rotation
  • Database encryption at rest
  • Rate limiting and DDoS protection
  • Regular security audits
  • Incident response procedures

However, no security is 100% guaranteed. You are responsible for protecting your API keys.

9. Your Rights

GDPR (EU Users)

  • Right to access — request a copy of your data
  • Right to rectification — correct inaccurate data
  • Right to erasure — delete your data
  • Right to restrict processing — limit how we use data
  • Right to data portability — export data in machine-readable format
  • Right to object — opt-out of certain processing

CCPA (California Users)

  • Right to know what personal information is collected
  • Right to delete collected personal information
  • Right to opt-out of selling/sharing information
  • Right to non-discrimination for exercising privacy rights

General

10. Third-Party Services

Our website and service use:

  • Google Analytics — anonymized usage analytics
  • Stripe / Alipay — payment processing
  • Clerk — authentication (if using single sign-on)
  • Sentry — error tracking

These services have their own privacy policies. We recommend reviewing them.

11. Children's Privacy

RovoAPI is not intended for users under 13. We do not knowingly collect data from children. If we learn we've collected data from a child, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy with 30 days' notice by posting changes here. Your continued use constitutes acceptance of changes.

13. Contact Us

For privacy questions, requests, or complaints:

  • Email: [email protected]
  • Mailing Address: [Company Address]
  • Data Protection Officer: [DPO Contact]

For EU users: You also have the right to lodge a complaint with your local data protection authority.

We take your privacy seriously. If you have concerns, please reach out.

Last updated: 6/20/2026

Have questions? Contact us at [email protected]