Privacy Policy

Last updated: February 16, 2026

UseNull is built for privacy-first API usage. This policy explains exactly what we collect, what we do not collect, and how data is handled.

What We Do Not Collect

• Prompts, messages, or AI responses. They are not stored and not logged by our application.
• Long-lived IP address access logs for API traffic. Edge access logging is disabled.
• Request or response bodies in application logs.
• Website analytics trackers or browsing-behavior profiling.

What We Collect

• Account email address and authentication identifiers for account management.
• Hashed API keys and key metadata (name, prefix, created time, last-used time).
• Billing metadata per request (token counts, model alias, timestamps, internal ids, and billing delivery status).
• Aggregate usage totals per API key per day (for dashboards and quotas).
• Payment records via Stripe. We do not receive raw card numbers.
• Short-lived counters/timestamps for rate limiting and anti-abuse controls.

Infrastructure Transparency

• Full Privacy models route through decentralized inference backends.
• Anonymized models strip account identifiers before upstream forwarding. Upstream services may process prompts, but prompts are not linked to your UseNull account identity.
• Cloudflare is used for DNS only (no reverse proxy of API payloads).
• Database stores user accounts, hashed API keys, and minimal billing metadata (no prompts or responses).

Data Retention

We retain billing metadata for the minimum time needed to operate the service. By default, usage aggregates and billing receipts are retained for up to 60 days, and webhook idempotency records are retained for up to 30 days, then deleted.

Data Location

Dedicated server (United States).

Contact

Privacy questions: privacy@usenull.ai