AggreGate (“we”, “us”) operates the AI gateway service at api.aggregate.surf and the web dashboard at aggregate.surf. This policy describes what we collect, why, and what we do not collect.
1. What we collect
Account data
- Email address and display name (you provide these).
- Password (stored only as a salted bcrypt hash).
- Account role, creation timestamp, last login.
- Referral relationship if you signed up via an invite link.
API request metadata
- Model name, input/output token counts, latency, HTTP status.
- API key ID used for the request (not the key itself).
- Upstream channel that served the request.
- Approximate timestamp of the request.
Payment data
- Payment amount, currency, status, and the transaction ID returned by our payment processors (Platega for fiat, CryptoBot for crypto).
- We never see your card number, bank details, or crypto wallet credentials. Those go directly to the processor.
2. What we do NOT collect
- Prompt content. Request and response bodies are streamed through our gateway and discarded. We do not store, inspect, or train on the contents of your prompts or model outputs.
- Browser fingerprints, ad cookies, third-party trackers. The marketing site and dashboard do not ship any third-party analytics or advertising scripts.
- Government IDs or KYC documents, unless explicitly required by your payment processor for high-value fiat transactions (handled by Platega, not by us).
3. Why we collect it
- Account data — to authenticate you, send verification and security emails, and apply referral bonuses.
- Request metadata — to compute your bill, render usage dashboards, enforce per-key rate limits, and diagnose upstream channel health.
- Payment data — to credit your balance, issue invoices, and reconcile with the payment processor.
4. How long we keep it
- Account data: until you delete your account, then purged within 30 days.
- Request metadata: 90 days of detailed logs, then aggregated to daily totals indefinitely (for your usage history and our financial records).
- Payment records: retained for 7 years per tax and accounting requirements.
- Soft-deleted upstream credentials (master keys) are purged from our secret store within 30 days of deletion.
5. Who we share it with
We share only what is operationally necessary:
- Upstream model providers (Anthropic, OpenAI, Google, and others) receive your prompt content because they generate the response. They are subject to their own privacy terms.
- Payment processors (Platega, CryptoBot) receive the payment amount and a webhook callback. They do not see your account password or API keys.
- Email delivery provider receives your email address and the message body of verification and password reset emails.
We do not sell user data, ever. We do not share data with advertisers or data brokers. We will respond to lawful legal process directed at the AggreGate operator.
6. Your rights
- Export your data: request a JSON dump of your account, request metadata, and payment history at any time from Settings.
- Delete your account: removes your auth record, balance, API keys, and referral links within 30 days. Aggregated financial records are retained per Section 4.
- Rotate or revoke any API key instantly from the dashboard.
7. Security
TLS 1.3 on all endpoints. Passwords hashed with bcrypt. API keys hashed with SHA-256 and never displayed after creation. Upstream provider credentials stored encrypted at rest in HashiCorp Vault. All inter-service traffic uses short-lived JWTs.
8. Changes to this policy
If we materially change what we collect or how we use it, we will email all active accounts at least 30 days before the change takes effect. The current version is always live at this URL.
9. Contact
Privacy questions, deletion requests, or data export requests: privacy@aggregate.surf.
Telegram: @aggregate_support — for urgent privacy-related inquiries.