Privacy Policy

Last Updated: May 2025

RayAPI ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI API aggregation services.

Please read this Privacy Policy carefully. By accessing or using RayAPI, you consent to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you register for an account, we collect:

• Email address
• Account preferences and settings
• Billing information (processed by Stripe)

1.2 API Usage Data

When you use our Service, we collect:

• API requests and timestamps (for billing purposes)
• Model selection and token usage (for service delivery)
• Technical logs necessary for service operation and security

1.3 Prompts and Outputs

Key Point: Your prompts (inputs) and the AI-generated outputs are not stored persistently on our servers after the API request is completed. These are processed in real-time and transmitted to our Model Providers for inference.

1.4 Payment Information

Payment processing is handled by Stripe. We do not store your full credit card details on our servers. We only receive transaction metadata (payment status, timestamps, and billing summary).

2. How We Use Your Information

We use the information we collect to:

• Provide the Service: Process API requests, manage your account, and deliver AI model outputs
• Bill for Usage: Calculate and process payments based on your API consumption
• Improve Performance: Monitor service health, troubleshoot issues, and optimize infrastructure
• Security: Detect and prevent fraud, abuse, and unauthorized access
• Compliance: Meet legal obligations and respond to lawful requests
• Communication: Send service updates, security notices, and respond to inquiries

3. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specifically:

• Prompts and Outputs: Not stored after request completion (unless required for debugging)
• API Usage Logs: Retained for 30 days for billing and security purposes
• Account Information: Retained until account deletion, plus any retention required by law
• Payment Records: Retained for 7 years to comply with financial regulations

4. Data Sharing and Disclosure

We may share your information with:

4.1 Model Providers

Your prompts are transmitted to third-party AI Model Providers (such as DeepSeek and Qwen) to fulfill your API requests. Each Model Provider's data handling is governed by their respective privacy policies.

4.2 Service Providers

We use trusted third-party services for:

• Payment processing (Stripe)
• Cloud infrastructure (hosting, data storage)
• Analytics and monitoring
• Customer support

These providers are contractually bound to protect your data and use it only for authorized purposes.

4.3 Legal Requirements

We may disclose your information when required by law, legal process, or governmental request, including:

• Compliance with subpoenas, court orders, or legal discovery
• Protection against fraud or security threats
• Enforcement of our Terms of Service

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and the options available to you.

5. Cross-Border Data Transfers

Our Service involves transmitting data across international borders. Your information may be transferred to and processed in countries outside your own, including:

• Singapore (our primary operations)
• United States (Model Providers and infrastructure)
• China (Model Providers: DeepSeek)

When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Contractual protections with service providers
• Compliance with applicable data protection laws
• Standard contractual clauses where required

6. Security

We implement industry-standard technical and organizational measures to protect your data, including:

• Encryption in transit (TLS/HTTPS)
• Secure data centers with access controls
• Regular security assessments and monitoring
• Employee training on data protection

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

7.1 Access and Portability

You may request a copy of the personal information we hold about you. Where feasible, we will provide this in a machine-readable format.

7.2 Correction

You may request that we correct inaccurate or incomplete personal information.

7.3 Deletion

You may request deletion of your personal information, subject to legal retention requirements. Note that prompts and outputs are typically not retained after request completion.

7.4 Objection

You may object to certain processing activities, such as direct marketing.

To exercise any of these rights, contact us at support@rayapi.dev.

8. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA) or are otherwise subject to the General Data Protection Regulation (GDPR), this section applies to you.

8.1 Legal Basis for Processing

We process your personal data based on:

• Contractual Necessity: To provide the Service you requested
• Legitimate Interests: For security, fraud prevention, and service improvement
• Legal Obligations: For financial record keeping and compliance
• Consent: Where you have provided explicit consent

8.2 Data Protection Officer

For GDPR-related inquiries, contact us at privacy@rayapi.dev.

8.3 International Transfers

Transfers outside the EEA are conducted under appropriate safeguards, including Standard Contractual Clauses (SCCs) and adequacy decisions.

8.4 Additional Rights

EEA residents also have the right to:

• Request restriction of processing
• Data portability
• Lodge a complaint with a supervisory authority

9. CCPA Compliance (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of personal information collected, used, disclosed, or sold
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell your data)
• Non-Discrimination: Equal service regardless of exercising your rights

To exercise these rights, contact us at privacy@rayapi.dev.

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child under 18, please contact us immediately.

11. Third-Party Links and Services

Our Service may contain links to third-party websites or services, including Model Provider documentation and payment processors. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page
• Updating the "Last Updated" date
• Sending an email notification for significant changes

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

• Email: privacy@rayapi.dev
• Discord: Join our community