Effective Date: January 1, 2025. Last updated: March 1, 2025.
GPT42 Hub, Inc. ("GPT42 Hub," "we," "our," or "us") operates an LLM API gateway platform accessible at gpt42hub.com. This Privacy Policy explains how we collect, use, share, and protect information about you when you use our website, platform, and services. By using our services, you agree to the practices described in this Privacy Policy.
When you create an account, request API access, or contact us, we collect information you voluntarily provide. This may include your name, work email address, company name, job title, phone number, billing address, and any other information you choose to submit through our contact forms, sign-up flows, or support channels.
When you use the GPT42 Hub platform, we collect information about your account activity. This includes API call logs (metadata only: timestamp, model requested, token counts, response latency, error codes), API key identifiers, configuration settings, routing policy definitions, and billing and payment information. We do not retain the content of your LLM prompts or model responses beyond the period required to complete the request and generate billing records, unless you have explicitly configured extended retention for debugging or evaluation purposes.
When you visit gpt42hub.com or make API calls, we automatically collect technical information including IP addresses, browser type and version, operating system, referring URL, pages visited, time spent on pages, clickstream data, and device identifiers. We collect this information through cookies, server logs, and similar tracking technologies.
If you communicate with us by email, phone, or through our support portal, we retain records of those communications. This includes support tickets, feedback submissions, and inquiries about our services.
We use the information we collect for the following purposes:
If you are located in the European Economic Area or United Kingdom, our legal basis for processing your personal data depends on the nature of the processing. We process data for contract performance where processing is necessary to provide the services you have requested. We process data for legitimate interests where we have a legitimate business interest, such as improving our platform, preventing fraud, and ensuring platform security. We process data with your consent for marketing communications, which you may withdraw at any time. We process data to comply with legal obligations applicable to us.
We share information with third-party service providers who perform services on our behalf. These include payment processors, cloud infrastructure providers, email service providers, customer support platforms, and analytics vendors. We require all service providers to protect your information and only use it for the purposes we specify.
When you make API calls through GPT42 Hub, your prompts are transmitted to the LLM model provider selected by our routing engine. Each provider has its own privacy policy and data handling practices. We encourage you to review the privacy policies of connected providers: OpenAI, Anthropic, Google, Meta, Mistral AI, and others available through the platform.
We may disclose your information when required by applicable law, regulation, legal process, or governmental request. We will provide notice where permitted before disclosing information in response to law enforcement requests.
In the event of a merger, acquisition, asset sale, or other corporate transaction, your information may be transferred to the acquiring entity. We will provide notice before your information is transferred or becomes subject to a different privacy policy.
We retain your personal information for as long as necessary to provide our services, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Account data is retained for the duration of your account plus a 90-day deletion window after account closure. API call metadata is retained for 12 months for billing reconciliation and compliance purposes. Extended retention periods may apply for enterprise customers with contractual requirements.
We implement technical and organizational measures designed to protect your information against unauthorized access, disclosure, alteration, and destruction. These measures include encryption in transit (TLS 1.2+), encryption at rest for stored data, SOC 2 Type II certification, multi-factor authentication for administrative access, regular security assessments, and employee security training. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
Depending on your location, you may have certain rights regarding your personal information. These may include the right to access the personal information we hold about you, the right to correct inaccurate or incomplete information, the right to request deletion of your personal information subject to applicable legal requirements, the right to object to or restrict certain processing activities, and the right to data portability for information you have provided to us. To exercise these rights, contact us at api@gpt42hub.com. We will respond within 30 days.
We use cookies and similar technologies to operate and improve gpt42hub.com. Strictly necessary cookies are required for basic platform functionality. Analytics cookies help us understand how visitors use our site. You can control cookie preferences through your browser settings or our cookie preference interface. For more information, see our Cookie Policy.
GPT42 Hub is headquartered in New York, NY. If you access our services from outside the United States, your information may be transferred to and processed in the United States. We comply with applicable requirements for international data transfers, including maintaining Standard Contractual Clauses for transfers from the EU/EEA.
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected personal information from a minor, we will take steps to delete it promptly. Contact us at api@gpt42hub.com if you believe we have collected information from a minor.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on our website. Your continued use of our services after the effective date of the updated policy constitutes your acceptance of the changes.
GPT42 Hub, Inc.
350 5th Ave, Suite 4200
New York, NY 10118
Email: api@gpt42hub.com
Phone: (212) 555-0149
We retain personal data only as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. When determining retention periods, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, and applicable legal requirements.
In general, we retain account information for the duration of your relationship with us plus a reasonable period afterward. Log data is retained for up to 12 months. Analytics data may be retained in aggregated, anonymized form indefinitely.
We may transfer your personal data to countries outside your jurisdiction. When we do so, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by relevant authorities, adequacy decisions, or other legally recognized mechanisms. You may request information about these safeguards by contacting us.
Our services are not directed to individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that data promptly.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately so we can take appropriate action.
If you are a California resident, you have the right to: (1) know what personal information is collected about you; (2) know whether your personal information is sold or disclosed and to whom; (3) opt out of the sale of your personal information; (4) access your personal information; (5) request deletion of your personal information; (6) not be discriminated against for exercising your privacy rights.
To exercise these rights, please submit a verifiable consumer request to our privacy team. We will respond within 45 days. We do not sell personal information as defined under California law.
For questions about our privacy practices or to exercise your rights, you may contact our Data Protection Officer at the address provided in this policy. We are committed to working with you to resolve any privacy concerns promptly and transparently.
We may use automated processing to analyze your data in certain contexts, such as fraud detection or personalized recommendations. You have the right to request human review of automated decisions that significantly affect you. To exercise this right, contact us using the information provided in this policy.
We retain personal data only as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. When determining retention periods, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, and applicable legal requirements.
In general, we retain account information for the duration of your relationship with us plus a reasonable period afterward. Log data is retained for up to 12 months. Analytics data may be retained in aggregated, anonymized form indefinitely.
We may transfer your personal data to countries outside your jurisdiction. When we do so, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by relevant authorities, adequacy decisions, or other legally recognized mechanisms. You may request information about these safeguards by contacting us.
Our services are not directed to individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that data promptly.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately so we can take appropriate action.
If you are a California resident, you have the right to: (1) know what personal information is collected about you; (2) know whether your personal information is sold or disclosed and to whom; (3) opt out of the sale of your pe