Privacy Agreement

This Privacy Agreement applies to the Rocket Relay website, console, API gateway, relay services, billing system, BYOK features, customer support, and related enterprise services.

If you use the service on behalf of a company, team, or other organization, you confirm that you are authorized to submit, manage, and process data for that organization.

Account and organization information: email addresses, company names, member roles, organization invitation codes, login status, registration approval status, and account security events.

Billing and transaction information: balances, top-ups, deductions, subscription plans, invoice or payment status, payment request identifiers, and Stripe or crypto payment status. Full card details are processed by payment providers; we do not store complete card numbers.

API usage metadata: API key identifiers, model names, providers, request paths, status codes, input and output token counts, latency, balance deductions, error status, IP addresses, and User-Agent strings.

BYOK and upstream credentials: if you use your own upstream keys or OAuth authorization, we store encrypted credentials, labels, provider types, status, and authorization metadata required to proxy requests.

Support and sales information: names, contact details, business requirements, company information, and communication records that you provide through contact forms, email, meetings, or support channels.

To complete model calls, prompts, messages, file snippets, tool parameters, context, and model outputs that you submit are transmitted in real time to the upstream model provider you select, or to the upstream account you configure through BYOK.

By default, we do not store API request bodies or model response bodies in the business database. Request logs are used by default to show metadata such as model, token counts, status code, and latency.

The production proxy configuration disables full request and response file logging by default and enables commercial mode to avoid installing high-overhead body logging middleware. If more detailed logs are enabled later for troubleshooting, compliance, or a dedicated enterprise deployment, they should be governed by separate configuration, access controls, and retention limits.

Do not submit data through the service unless you have the right to process it. For highly sensitive information, we recommend using the minimum necessary context, redacted inputs, BYOK, a dedicated instance, or additional data processing terms agreed with us.

We use information to provide, maintain, and improve the API gateway, model routing, authentication, organization management, balance billing, subscriptions, invoicing, BYOK, webhooks, audit features, and customer support.

We use information to detect abuse, fraud, abnormal calls, credential leaks, billing errors, service failures, and security incidents.

We may generate aggregated or de-identified operational statistics, such as model usage, revenue summaries, supply chain health, and service quality metrics.

We may send account verification, password reset, billing, service change, security, and necessary operational notices to administrators or enterprise contacts.

The service is an enterprise AI API gateway. To complete requests, we may send necessary content to model providers, compatible API services, payment providers, email providers, cloud infrastructure, databases, caches, monitoring tools, and security service providers.

When you use the official model pool, relevant requests are sent to the corresponding upstream model providers. Their processing of data is also governed by their own API terms, privacy policies, data retention rules, and security commitments.

When you use BYOK, requests are sent to your upstream account using the credentials you configure. You are responsible for ensuring that the upstream account, organization policies, and data processing settings meet your compliance requirements.

We do not sell your personal information or customer content, except as necessary to provide the service, comply with law, handle security incidents, complete a business transaction, or act with your authorization.

Customer API keys are stored in hashed form and are shown only as prefixes or one-time plaintext values. Sensitive configurations such as BYOK, SMTP, and payment settings are stored using envelope encryption.

We use access controls, least privilege, encryption in transit, request body size limits, rate limits, audit logs, health checks, and monitoring mechanisms to reduce the risk of unauthorized access, abuse, and service interruption.

No internet service can guarantee absolute security. If we identify an incident that may affect the security of your account or data, we will take notification, mitigation, and remediation steps based on applicable law, contracts, and the impact of the incident.

Account, organization, billing, balance, invoice, audit, and compliance records are retained during the service relationship and for as long as needed for legal, tax, dispute resolution, or security purposes.

API usage metadata and request logs are retained according to system configuration, enterprise plan settings, or applicable contracts. Historical partitioned data may be cleaned up or archived on a monthly basis.

When you delete an account, disable an organization, or request deletion, we will process the request within a reasonable period. However, backups, accounting records, audit logs, security records, and legally required records may be retained until the applicable retention period expires.

You may access, update, or delete account profile information and manage members, API keys, BYOK credentials, webhooks, billing, and certain request logs.

Enterprise administrators may view members, usage, balances, API keys, billing, audit, and security-related information on behalf of the organization. Administrator access should be granted only to trusted personnel.

If you need to export, delete, correct, restrict processing of, or obtain information about data processing, you may submit a request using the contact method at the end of this agreement. We may need to verify your identity and organization permissions.

Because model providers, cloud infrastructure, payment, email, and security services may be located in different countries or regions, your data may be transferred to, stored in, or processed in jurisdictions outside your location.

We will apply appropriate safeguards based on applicable law, contracts, and service configuration. Enterprise customers with data residency, international transfer, or dedicated deployment requirements should confirm those requirements with us before procurement or deployment.

The service is intended for businesses and professional teams, not children. Children may not use the service without appropriate guardian and organizational authorization.

We may update this agreement due to product, legal, compliance, or security requirements. Material changes may be communicated through the website, console, email, or another reasonable method.

The updated agreement applies from the effective date shown on this page. If you continue using the service after the agreement is updated, you accept the updated terms.

If you have questions about this agreement, data processing, security measures, or enterprise compliance, contact us through the website contact page or your customer success or sales contact.

Contact page: /contact