Legal
Privacy Policy
This Privacy Policy explains how Metis (“KeyForge”) collects, uses, discloses, and protects personal data in connection with the Service.
Effective date: July 6, 2026·Last updated: July 6, 2026
1. Scope and roles
This Policy applies to personal data we handle as a controller — for example, information about account holders and website visitors. When we process personal data contained in your requests and content on your behalf, we act as a processor and the terms of our Data Processing Addendum govern that processing.
2. Notice at collection — categories we collect
In the last 12 months we collect or may collect the following categories of personal data:
- Identifiers and account data: name, email address, hashed password, organization, and authentication identifiers (including Google sign-in identifiers where used).
- Commercial / billing data: subscription plan, transaction history, and billing details processed by our payment processor (we do not store full card numbers).
- Usage and gateway metadata: virtual-key identifiers, request timestamps, model and provider used, token counts, cost, rate-limit and budget events, and status codes.
- Audit records: cryptographically hash-chained log entries describing gateway activity for security and verification.
- Technical data: IP address, device/browser information, and cookie or analytics identifiers.
- Communications: messages you send to support, legal, or security contacts.
We do not intentionally collect sensitive personal information for the purpose of inferring characteristics about you, and we do not sell personal information.
3. How and why we use personal data
- Provide, operate, secure, and support the Service, including authentication, routing, budgeting, and rate limiting.
- Generate and maintain tamper-evident audit logs for security and verification.
- Process payments, manage subscriptions, and prevent fraud and abuse.
- Communicate with you about your account, security, billing, and material changes to the Service or policies.
- Understand and improve product usage through privacy-conscious analytics.
- Comply with legal obligations and enforce our terms.
4. Legal bases (GDPR / UK GDPR)
Where the GDPR or UK GDPR applies, we rely on the following legal bases:
- Performance of a contract — to provide the Service you request and administer your account.
- Legitimate interests — to secure the Service, prevent abuse, maintain audit integrity, and improve our product, balanced against your rights.
- Legal obligation — to comply with tax, accounting, and other legal requirements.
- Consent — where required, for example certain analytics or marketing; you may withdraw consent at any time.
5. Cookies and analytics
We use strictly necessary cookies to operate the site and keep you signed in. With your consent where required, we use privacy-conscious analytics to understand aggregate usage. You can control cookies through your browser settings; disabling some cookies may affect functionality.
6. How we share personal data
We share personal data with service providers (subprocessors) who process it on our behalf under written contracts, including payment processing, cloud infrastructure and database hosting, email delivery, authentication, analytics, and model providers. Our current subprocessors are listed on our subprocessor page.
We may also disclose personal data to comply with law or valid legal process, to protect rights, safety, and the integrity of the Service, and in connection with a merger, acquisition, or sale of assets (subject to this Policy). We do not sell personal information and do not share it for cross-context behavioral advertising.
7. Retention and audit-log immutability
We retain personal data for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Account data is retained for the life of your account and a reasonable period thereafter; billing records are retained as required by law.
Audit records are special. The Service’s audit trail is cryptographically hash-chained and append-only so that tampering is detectable. Because deleting or editing a historical entry would break the chain’s integrity, when we honor an erasure request we remove or anonymize personal identifiers within audit records where technically feasible while preserving the non-identifying integrity metadata needed to keep the chain verifiable. We retain that minimized information on the basis of our legitimate interest in security and tamper-evidence and, where applicable, legal obligation.
8. Security
We use commercially reasonable technical and organizational measures to protect personal data, including encryption in transit and at rest, least-privilege access controls, virtual keys that avoid exposing raw provider credentials, and tamper-evident audit logging. No system is completely secure, and we cannot guarantee absolute security.
9. International transfers
We and our subprocessors may process personal data in the United States and other countries. Where we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and equivalent mechanisms.
10. Your rights — EEA / UK (GDPR)
Subject to applicable law, you may have the right to:
- Access the personal data we hold about you and obtain a copy.
- Rectify inaccurate or incomplete data.
- Erase your data in certain circumstances.
- Restrict or object to certain processing, including processing based on legitimate interests.
- Data portability for data you provided.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with your supervisory authority.
11. Your rights — California (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know and access the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of recipients.
- Delete personal information we have collected, subject to exceptions.
- Correct inaccurate personal information.
- Opt out of the sale or sharing of personal information — note that we do not sell or share personal information as those terms are defined under the CPRA.
- Limit the use of sensitive personal information — we do not use sensitive personal information to infer characteristics.
We will not discriminate or retaliate against you for exercising any of these rights. You may exercise rights by emailing [email protected]. We will verify your request using account information before responding, and you may use an authorized agent where permitted by law.
12. Children
The Service is not directed to children under 18, and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.
13. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date and provide additional notice where required by law. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
14. Contact
For privacy questions or to exercise your rights, contact [email protected]. Our data protection contact can be reached at [email protected]. Our registered postal address is available on request.