Privacy Policy
This Privacy Policy explains how [COMPANY LEGAL NAME] ("Optera," "we," "us") collects, uses, and shares information when you use the Optera service — a proxy that sits between your application and large language model ("LLM") providers to reduce token usage and cost (the "Service").
1. Information we collect
Account information
When you create an account we collect your name, email address, and authentication identifiers. Authentication is handled by Clerk. If you choose to sign in through a third-party identity provider offered by Clerk, that provider shares basic profile information with us to establish your account.
Billing information
Payments are processed by Stripe. Stripe collects and processes your payment details directly; we do not receive or store full payment card numbers. We retain billing metadata such as your Stripe customer and subscription identifiers, selected plan, and subscription status.
API request data routed through the proxy
The core function of the Service is to forward your API requests to the LLM provider you select. As requests pass through Optera, the prompts, system prompts, messages, model parameters, and the provider's responses are processed by us in transit. To deliver caching, routing, compression, and analytics, we also process and may store:
- Token counts and cost/savings metrics derived from each request and response.
- Cryptographic hashes of prompts (not the raw prompt text) used to look up matching cache entries.
- Cached response bodies returned by providers, stored so identical or near-identical future requests can be served from cache.
- Compressed system-prompt content and conversation summaries generated to reduce the size of future requests.
Embeddings for semantic caching
To match semantically similar prompts, prompt text may be transmitted to OpenAI's embeddings API to generate a numerical vector representation. This occurs for the purpose of similarity matching even where your underlying request is routed to a different provider. The resulting vectors are stored to power the semantic cache.
API keys
Your provider API keys pass through Optera so we can authenticate requests to your chosen LLM provider on your behalf. API keys that Optera issues to you are stored only as salted hashes together with a short, non-sensitive preview for identification.
Usage and technical data
We collect logs and metadata such as IP address, timestamps, request status, and high-level usage statistics to operate, secure, and improve the Service. Clerk sets session cookies necessary for authentication.
2. How we use information
- To provide, operate, and optimize the Service, including caching, model routing, compression, and savings analytics.
- To display your dashboard, usage, and savings metrics.
- To process payments, manage subscriptions, and send service-related communications.
- To provide support and respond to your requests.
- To monitor for security, abuse, and fraud, and to meet legal obligations.
3. Service providers and sharing
We share information with the following sub-processors strictly to provide the Service. We do not sell personal information.
| Provider | Purpose | Data involved |
|---|---|---|
| Clerk | Authentication & account management | Name, email, auth identifiers |
| Stripe | Payment processing & billing | Payment details (held by Stripe), billing metadata |
| OpenAI | Prompt embeddings; LLM provider when you route to it | Prompt text, request/response content |
| Anthropic | LLM provider when you route to it | Request/response content |
| Resend | Transactional & account email | Email address, message content |
| Hosting & data infrastructure | Running the app, proxy, database, and cache | All categories above, as processed by the Service |
We may also disclose information if required by law, to enforce our terms, or to protect the rights, safety, and security of Optera, our users, or others.
4. Data retention
Cache entries expire automatically based on configured time-to-live settings. Request logs and analytics are retained for [RETENTION PERIOD], after which they are deleted or aggregated. When you delete a workspace or close your account, we delete or de-identify associated data within [DELETION WINDOW], except where retention is required for legal, accounting, or security purposes.
5. Your rights and choices
Depending on your location, you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing. You can manage much of your data directly in the dashboard, or contact us at privacy@optera.dev to exercise these rights.
6. Security
We protect data in transit using encryption, store issued API keys only as salted hashes, and apply access controls to limit who can reach customer data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
7. International transfers
Our providers may process data in countries other than your own, including the United States. Where required, we rely on appropriate safeguards for such transfers.
8. Children
The Service is not directed to individuals under 18, and we do not knowingly collect personal information from them.
9. Changes to this policy
We may update this policy from time to time. Material changes will be posted here with an updated effective date.
10. Contact
Questions about this policy or your data can be sent to privacy@optera.dev or [COMPANY ADDRESS].