Privacy Policy

Last updated: June 2026

LLMLite is built on a simple principle: your prompts are yours. We route your requests to AI models and get out of the way. Here is exactly what we collect, what we do not, and how we handle your data.

What We Collect

We collect only what is necessary to run the service:

  • Email address — used to create your account and send your API key.
  • Password — stored as a bcrypt hash only. We never store or see your plain-text password.
  • Request metadata — token count, model used, estimated cost, and timestamp for each API call. This powers your usage dashboard.
  • Subscription status — your current plan (Free, Pro, or Max) and billing state via Paddle.

What We Do NOT Collect

  • Your prompt text or AI responses — these pass directly to the model provider and are never stored by us.
  • Your IP address.
  • Device or browser fingerprint data.
  • Any data for advertising or third-party tracking purposes.

How We Use Your Data

  • To provide your account, API key, and dashboard.
  • To display your usage stats and estimated savings.
  • To send important account alerts (e.g. approaching token limit).
  • To process payments and manage your subscription.
  • We never sell, share, or rent your data to any third party.

Data Storage

Your account data is stored in Supabase (PostgreSQL), hosted on AWS with enterprise-grade encryption at rest and in transit. Request metadata logs are retained for your current billing period to power your dashboard. You can request deletion of your account and all associated data at any time by emailing us.

Third-Party Services

LLMLite routes prompts through the following providers. Your prompts are subject to their respective privacy policies:

  • OpenRouter — routes simple prompts to simple cost saving models.
  • Google Gemini (via Google AI Studio) — handles complex prompts.
  • Supabase — database and authentication.
  • Paddle — payment processing. We never see or store your card details.
  • Vercel — frontend hosting.

Cookies & Local Storage

We use localStorage to store your session token locally on your device (a default behavior of our authentication provider, Supabase). Your API key is shown to you once at creation time and is never stored in your browser — if you lose it, you'll need to generate a new one. We use no advertising cookies and no third-party tracking cookies. Supabase sets a session cookie for authentication purposes only.

Children's Privacy

LLMLite is not intended for users under the age of 13. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it immediately.

Your Rights

We will respond to all requests within 30 days.

Changes to This Policy

If we make significant changes to this policy, we will notify you by email before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.

Contact

Questions about this policy? Email us at llmlite.support@gmail.com