Legal
Last updated: June 17, 2026
Infyrence ("Infyrence," "we," "us," or "our") is an enterprise-grade AI gateway and routing infrastructure. This Privacy Policy explains how we collect, process, transmit, and protect data when you use our inference routing platform, management dashboard, and related services.
Infyrence operates as an enterprise-grade AI gateway and routing infrastructure. Our data collection is strictly limited to what is necessary to operate the platform, manage your organization, and deliver inference requests at the edge.
Account Metadata
When you create an organization, we store the minimum data required to authenticate and manage your account: cryptographic hashes of your API keys (SHA-256, one-way), your organization ID, user profile fields (name, email), and billing meter state used to track your complimentary 50-credit balance and any subsequent usage. API keys are never stored in plaintext. In the event of a database compromise, the original keys remain computationally infeasible to recover.
Inference Request Telemetry
To populate your management dashboard and enable routing decisions, we store non-sensitive telemetry for each API request: HTTP status codes, end-to-end latency metrics, the requested model identifier, the upstream provider name, and prompt/completion token counts. This telemetry contains no content.
What We Do Not Collect
We do not log, cache, or persist raw prompt strings, model responses, or any user-generated content by default. Your prompts and completions transit our edge network and are forwarded directly to the upstream provider without intermediate storage. If you explicitly opt-in to advanced diagnostic features or prompt caching, those features are governed by separate, clearly labeled configuration controls within your organization dashboard.
To fulfill inference requests, Infyrence securely transits formatted payloads via TLS-1.3-encrypted channels directly to authorized upstream cloud engines. For the Google Gemini 1.5 and 2.0 model families, requests are routed to Google Cloud Vertex AI or AI Studio endpoints as appropriate. Each provider operates under their own data processing agreements and privacy policies, which govern how they handle request payloads once received.
Edge-Level SSRF Shield
Infyrence runs active Server-Side Request Forgery (SSRF) protection at the edge layer. This system inspects every outbound provider redirect and blocks any payload from being weaponized or redirected to internal infrastructure, loopback IP ranges (127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), or unauthorized external network topologies. The SSRF shield operates on every request without exception.
We use the data we collect exclusively for the following purposes:
-Service delivery: Routing your inference requests to the optimal upstream provider with failover handling and latency-aware selection.-Dashboard and metering: Populating your usage dashboard with token consumption, latency percentiles, and cost projections.-Security and abuse prevention: Detecting anomalous request patterns, enforcing rate limits (RPM/TPM) across Virtual Keys, and blocking unauthorized access attempts.-Platform improvement: Aggregating anonymized latency and error rate metrics to improve routing algorithms. This data is never tied to individual prompt content or user identities.-Billing and compliance: Processing usage-based billing via Stripe and maintaining financial records as required by applicable regulations.
We do not use your API request content to train, fine-tune, or improve any AI models. Your prompts and completions remain your intellectual property.
Infyrence is built on Cloudflare's serverless edge runtime (V8 isolates). By design, edge workers are stateless - they do not maintain persistent local caches or retain request data between invocations. This architecture minimizes cold-start data exposure and ensures that no prompt or response content persists in the runtime layer.
Request Telemetry: Inference request metadata (status codes, latency, token counts) is written to your organization's database records and retained for the lifetime of your account to power your usage dashboard.
API Key Logs: If you enable optional request logging, logs are retained for 30 days by default. You may configure a shorter retention period or disable logging entirely through your organization settings.
Billing Records: Usage billing records are retained for 7 years as required by financial regulations.
Account Deletion: When you delete your organization, all associated data - including API key hashes, telemetry records, Virtual Key configurations, and billing meters - is permanently purged within 30 days via cascading database schema deletions (onDelete: "cascade").
Edge-Native Architecture
Infyrence runs entirely on Cloudflare's serverless edge runtime using V8 isolates. Each request is processed in an isolated execution context with no shared mutable state between invocations. There are no long-lived processes, no in-memory session stores, and no persistent local caches - eliminating entire classes of cold-start data exposure risks.
Database Layer
All persistent storage is handled by PostgreSQL, managed through Drizzle ORM with strict schema enforcement. Database connections use TLS-enforced transport, role-based access control with the Principle of Least Privilege, and managed connection pooling to prevent resource exhaustion.
Background Workflows
Background monitoring and telemetry processing leverage non-blocking execution contexts (`c.executionCtx.waitUntil`) to process request logs securely. These operations complete within the edge request lifecycle without creating persistent local runtime caches or blocking response delivery.
API Key Protection
API keys issued to organizations are hashed using SHA-256, a secure one-way cryptographic function. Original keys are never stored, logged, or transmitted in plaintext after initial issuance. In the absolute worst-case scenario of a database breach, the original keys remain computationally infeasible to recover.
TLS 1.3 Encryption
All inbound and outbound traffic between clients and the `api.infyrence.com` gateway is encrypted using TLS 1.3, the latest and most secure version of the Transport Layer Security protocol.
DDoS and Edge Security
Cloudflare Enterprise Edge provides robust protection against distributed denial-of-service attacks, volumetric flooding, and edge-level threats targeting the gateway infrastructure.
No system is completely secure. If you discover a security vulnerability, please report it responsibly to security@infyrence.com.
We do not sell your personal information. Data is shared only under the following circumstances:
Upstream LLM Providers: To fulfill inference requests, formatted payloads are transmitted directly to authorized providers (e.g., Google Cloud Vertex AI). These providers process request content under their own privacy policies and data processing agreements. Infyrence does not share account metadata, billing data, or organizational information with LLM providers.
Payment Processing: Payment processing is handled exclusively by Stripe. We transmit billing-related data (organization ID, usage amount) to Stripe for invoicing. We do not store credit card numbers or full payment details on our servers.
Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request. We will notify affected users unless legally prohibited from doing so.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any change in how your data is processed.
As a developer or organization admin, you maintain absolute ownership and control over your data and infrastructure configuration:
Prompt Data Ownership: All prompt strings, model completions, and user-generated content that transit the Infyrence gateway are your intellectual property. We claim no ownership, license, or training rights over your content.
Virtual Key Management: You may instantly revoke any active Virtual Key at any time through your organization dashboard. Revoked keys are immediately invalidated across all edge nodes without propagation delay.
Metric History Control: You may clear your organization's metric history, usage logs, and telemetry records at any time. Cleared data is permanently purged and cannot be recovered.
Organization Purge: You may completely delete your organization profile, which triggers a cascading deletion (`onDelete: "cascade"`) of all associated database records - including API key hashes, Virtual Keys, billing meters, telemetry data, and team memberships. This action is irreversible.
Data Export: You may export your organization's usage data, API logs (if enabled), and billing records in a structured, machine-readable format (JSON/CSV).
Account Information: You may request a copy of the personal data we hold about your account, or request correction of inaccurate information, by contacting privacy@infyrence.com.
All AI inference requests travel via the fastest available route on the Cloudflare edge network directly to the destination provider infrastructure. Because these requests are handled directly by the upstream infrastructure hosts, they are subject to the respective provider's privacy policy and data processing terms rather than ours.
Account metadata and telemetry data are stored in database infrastructure managed within Cloudflare's network, subject to their enterprise security and compliance certifications.
Infyrence is a developer infrastructure platform intended for use by professionals and organizations. It is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us at privacy@infyrence.com and we will take steps to delete such information.
We may update this Privacy Policy from time to time to reflect changes in our infrastructure, data practices, or legal requirements. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will also send a notification to the email address associated with your organization.
Your continued use of the Infyrence gateway after any changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy, please contact us at privacy@infyrence.com