Privacy Policy

Last updated: February 5, 2026

1. Information We Collect

We collect information that you provide directly to us, including:

• Account information (email, name)
• OpenAI API keys (encrypted at rest)
• Usage metadata (model, tokens, cost, timestamps)
• Payment information (processed by Stripe)

Important: We do NOT store your prompts, responses, or conversation content. Only metadata is logged for cost tracking and analytics.

2. How We Use Your Information

We use the information we collect to:

• Provide and maintain the CostShield service
• Enforce budget limits and track costs
• Process payments and manage subscriptions
• Send you service-related communications
• Improve our service and develop new features

3. Data Security

We implement industry-standard security measures to protect your data:

• AES-256-GCM encryption for API keys at rest
• TLS 1.3 encryption for all data in transit
• Row-Level Security (RLS) in our database
• Regular security audits and updates

4. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Usage logs are retained according to your subscription tier:

• Free tier: 7 days
• Starter tier: 90 days
• Professional tier: 1 year

5. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and data
• Export your data (CSV/JSON)
• Opt out of marketing communications

6. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: privacy@costshield.dev
Address: [Your Company Address]