Privacy Policy
Last updated: March 15, 2026
1. What We Collect
1.1 Account Information
- Email address (for authentication and account management)
- Password (stored as a salted hash; we never see your plaintext password)
- Display name / nickname (optional)
- Payment information (processed by Stripe; we do not store card details)
1.2 Request Metadata (Not Content)
For each API call routed through SilkHub, we log only:
- Timestamp
- Provider and model name
- Token counts (prompt tokens, completion tokens)
- Request status (success / error)
- Gateway key identifier (not the raw key)
We do not log prompt content, model responses, or any user data transmitted in the request body.
1.3 Usage Analytics
We may collect aggregated, anonymized usage statistics (e.g., total requests per provider) for product improvement. This data cannot be traced back to individual users.
2. How We Use Your Information
- Providing, maintaining, and improving the gateway service
- Billing, subscription management, and fraud prevention
- Sending service-related communications (account alerts, billing receipts)
- Technical support and debugging
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
3. Your Upstream Provider Keys
Your upstream API keys (e.g., DeepSeek, Kimi, Qwen keys) are encrypted with AES-256-GCM before storage. Encryption keys are managed separately and never co-located with the encrypted data. Keys are:
- Never logged in plaintext
- Never shared with third parties other than the corresponding upstream provider during request routing
- Used exclusively to forward your requests to the upstream API you designated
- Deleted from our systems upon your request or account deletion
4. Data Transmission to Upstream Providers
When you make an API call, your request payload is transmitted to the upstream AI provider you have selected (e.g., DeepSeek, Moonshot AI, Alibaba Cloud DashScope, MiniMax). This transmission is governed by each provider's own privacy policy. By using SilkHub, you acknowledge this transmission and confirm you have the legal authority to send the data.
We recommend you avoid including personally identifiable information or sensitive data in API prompts.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Request metadata (logs) | 30 days, then auto-deleted |
| Account information | Duration of account; deleted within 30 days of closure |
| Payment records | As required by applicable financial regulations |
| Encrypted provider keys | Until you delete them or close your account |
6. Security
- All data in transit is encrypted with TLS 1.3
- Provider keys are encrypted at rest with AES-256-GCM
- Access to production systems is restricted to authorized personnel
- We conduct regular security reviews
7. Third-Party Services
We use the following third-party services, each with its own privacy policy:
- Stripe — payment processing
- Supabase — database hosting
- Vercel — frontend hosting
8. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and associated data
- Export a copy of your data
- Withdraw consent (where processing is consent-based)
To exercise these rights, contact us at hi@silkhub.ai. We will respond within 30 days.
9. Cookies
We use only essential cookies required for authentication and session management. We do not use tracking or advertising cookies.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or in-product notice at least 7 days before taking effect. Continued use after changes are effective constitutes acceptance.
11. Contact
For privacy-related inquiries, contact us at: hi@silkhub.ai