Privacy Policy
Last updated: May 19, 2026
This Privacy Policy describes how LLMGovernor ("we", "us", or "our") collects, uses, and shares your personal information when you use our service.
This is a working draft prepared to support launch. Before publishing publicly, have it reviewed by counsel familiar with your jurisdiction(s).
1. Information we collect
Account information you provide
- Email address — required to create an account and receive transactional emails (magic links, billing receipts, alerts).
- Display name (when you sign in via Google or Microsoft OAuth) — used to personalize the dashboard and the Stripe customer record.
Information we receive from identity providers
When you sign in with Google or Microsoft, we receive the OAuth profile fields you authorize: email, name, and provider account id. We do not request, store, or use access to your contacts, calendar, files, or any other data from these providers.
Information you generate while using the service
- Agent events — telemetry your SDK sends about LLM calls (provider, model, token counts, cost, agent name, timestamps). This is the core data the product analyzes.
- API keys you create — we store a one-way hash of the key plus a short prefix used for display and key lookup. The full key is shown to you once at creation and is not recoverable from our database.
Billing information
We use Stripe to process payments. We do not collect or store credit card numbers. Stripe sends us your customer id, subscription status, and high-level invoice metadata; the card itself is handled entirely by Stripe under their PCI-DSS Level 1 compliance.
Technical and operational data
- Server logs — request method, path, status code, latency, request id, IP address. Retained for 30 days for debugging and security investigation.
- Cookies — see "Cookies" below.
2. How we use the information
We use your information to:
- Provide, maintain, and improve the LLMGovernor service.
- Authenticate you and keep your account secure.
- Calculate spend against the budgets you configure.
- Send transactional emails (magic links, billing receipts, budget alerts).
- Process payments and manage subscriptions via Stripe.
- Detect, investigate, and prevent fraud, abuse, or security incidents.
- Comply with legal obligations.
We do not use your data to train AI models, sell it to advertisers, or share it with brokers.
3. Sub-processors
We share information with the following service providers, each acting only on our instructions and bound by contractual confidentiality obligations:
| Provider | Purpose | Data shared |
|---|---|---|
| Amazon Web Services | Hosting, database, object storage | All operational data |
| Stripe | Payment processing | Email, name, billing metadata |
| Resend | Transactional email | Email address, message content |
| Google / Microsoft | OAuth sign-in (only if you choose this method) | OAuth profile fields you authorize |
4. Cookies
We use the following cookies on the LLMGovernor domain. None are used for advertising or cross-site tracking.
| Cookie | Purpose | Expiry |
|---|---|---|
user_session |
Authenticated session; HttpOnly, Secure, SameSite=Lax | 30 days |
theme |
Stores your light/dark mode preference | 1 year |
5. Your rights
Depending on your location (e.g. EU, UK, California), you may have rights to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your account and associated data.
- Export your data in a portable format.
- Object to or restrict certain processing.
- Withdraw consent at any time.
To exercise any of these rights, email us at privacy@llmgovernor.ai. We will respond within 30 days. Self-serve account deletion and data export from the dashboard are on our roadmap.
6. Data retention
- Account records — retained while your account is active and for 90 days after deletion to handle billing disputes and security investigations.
- Agent events — retained according to your subscription tier; older events are aggregated or deleted.
- Server logs — retained for 30 days.
- Billing records — retained for 7 years as required by tax law.
7. Security
We use industry-standard practices to protect your data:
- TLS 1.2+ for all network traffic.
- Encryption at rest for databases (AES-256).
- API keys stored only as bcrypt hashes.
- Secrets managed via AWS Secrets Manager with strict IAM scope.
- Regular dependency vulnerability scanning.
No system is perfectly secure. If you suspect your account has been compromised, contact us immediately at security@llmgovernor.ai.
8. International transfers
Our infrastructure is hosted in AWS us-east-1 (Northern Virginia, USA). If you access the service from outside the United States, your data will be transferred to and processed in the US. Where required by law, we rely on Standard Contractual Clauses or equivalent safeguards for cross-border transfers.
9. Children
LLMGovernor is not directed at children under 16, and we do not knowingly collect their personal information. If you believe a child has provided us their data, please contact us so we can delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced at least 30 days in advance via email or a notice in the dashboard. Continued use of the service after a change constitutes acceptance of the updated policy.
11. Contact
For privacy questions or requests:
LLMGovernor Email: privacy@llmgovernor.ai