Privacy Policy
Last updated: April 16, 2026
What We Collect
- Account information: Email address and display name (via Google or GitHub OAuth).
- Payment information: Processed by Stripe. We never store card numbers, CVVs, or bank details.
- Usage metadata: Model identifier, input and output token counts, request timestamp, credit cost, latency, and stream status — for billing and usage reporting. We do not log, store, or retain any part of request or response content. Body logging is disabled by default at the infrastructure level.
- Session data: Hashed session tokens for authentication. No tracking cookies.
Request Content
1K4.AI operates as a stateless API proxy. The content of your API requests — prompts, messages, system instructions, function calls, images, and file attachments — and responses (model outputs) passes through our routing layer in memory only, for the sole purpose of forwarding to the selected AI provider.
Request and response content is never written to disk, database, log file, or any persistent storage in normal operation. Body logging is disabled by default at the infrastructure level. The metadata logging schema stores only billing metadata (model identifiers, token ratios, cost calculations) — not request or response payloads.
Data Flow Specifics
Usage metadata retained for up to 90 days for billing verification includes:
- Timestamp of the request
- Model identifier (e.g.,
claude-sonnet-4-5-20250929) - Input token count
- Output token count
- Credit cost
- User ID
- Request latency
- Whether the request was streamed
This metadata does not include any part of the request or response payload. It exists solely for billing accuracy and usage reporting.
How We Use Your Data
- Authenticate your account and manage sessions.
- Process payments and maintain your credit balance.
- Route API requests to the appropriate AI provider.
- Track usage for billing accuracy.
- Send transactional emails (magic links, payment receipts).
What We Don't Do
- We do not sell, rent, or share your personal data with third parties for marketing.
- We do not read, store, or log the content of your API requests or responses.
- We do not use your data to train AI models.
Google User Data
1K4.AI's Lab assistant can optionally connect to your Google account to access Google Calendar, Gmail, and Google Drive on your behalf. These connections are initiated by you and can be revoked at any time from the Extensions panel in Lab.
When you connect a Google service, 1K4.AI requests only the permissions (scopes) needed for that specific integration:
- Google Calendar: View your calendar events and create new events on your behalf, only when you ask the assistant to do so.
- Gmail: Search and read your emails, and send emails on your behalf, only when you ask the assistant to do so.
- Google Drive: Read and write files in your Drive that you explicitly reference in conversation.
How we use this data: Google user data is accessed in real time to fulfill your requests within the Lab assistant. Calendar events, email content, and Drive files are processed in memory to generate the assistant's response and are not written to disk, database, or any persistent storage beyond encrypted OAuth refresh tokens needed to maintain your connection.
What we do not do with Google user data:
- We do not store, cache, or log the content of your emails, calendar events, or Drive files.
- We do not use Google user data to train AI models.
- We do not sell, rent, or share Google user data with third parties.
- We do not use Google user data for advertising or profiling.
- Google user data is forwarded to the AI model provider you selected solely to process your request, subject to that provider's data handling policy.
1K4.AI's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Third-Party Services (Subprocessors)
We use the following third-party services to operate 1K4.AI:
| Service | Purpose | Data Shared | Policy |
|---|---|---|---|
| Stripe | Payment processing | Email, payment amount, card details (handled by Stripe, never stored by 1K4.AI) | Privacy |
| Cloudflare | CDN, DDoS protection, tunnel routing | IP address, request metadata (standard CDN operation) | Privacy |
| Hetzner | Infrastructure & data storage | Account data, Lab content, compute infrastructure (self-hosted MongoDB, encrypted at rest) | Privacy |
| Resend | Transactional email delivery | Email address (for magic links and payment receipts only) | Privacy |
| Google Analytics | Website analytics (consent-based) | Anonymous usage data, page views, events (only with cookie consent) | Privacy |
| Cookiebot | Cookie consent management | Consent preferences, anonymized IP | Privacy |
| OpenAI | AI model provider | Request content (forwarded as-is for processing) | Privacy |
| Anthropic | AI model provider, dashboard assistant | Request content (forwarded as-is); assistant conversations (sent for processing) | Privacy |
| Google (Gemini) | AI model provider | Request content (forwarded as-is for processing) | Terms |
| xAI | AI model provider | Request content (forwarded as-is for processing) | Terms |
| Basescan | Blockchain verification (Base network) | Transaction hash, wallet address (for USDC/USDT payment verification) | Privacy |
| Etherscan | Blockchain verification (Ethereum network) | Transaction hash, wallet address (for USDC/USDT payment verification) | Privacy |
Data Retention
- Account data is retained while your account is active.
- Transaction records are retained for accounting and legal compliance.
- Session tokens expire automatically (30 days) and are purged via TTL indexes.
- Lab conversations and project files are retained while your account is active. You may request deletion at any time.
- Usage logs are retained for up to 90 days for billing verification.
Free Request Data
Free tier usage is subject to the same data handling policies as paid usage. Free requests generate the same metadata records (model, tokens, cost, timestamp) and nothing more. No additional tracking or monitoring.
Cryptocurrency Payments
1K4.AI accepts USDC and USDT payments on the Base and Ethereum networks. Cryptocurrency payment data includes: wallet address, transaction hash, chain, token type, and payment amount. Transactions are verified via Basescan (Base network) or Etherscan (Ethereum network). This data is retained alongside billing transactions for payment verification. We do not have access to your wallet private keys or any other on-chain activity beyond the specific payment transaction.
Upstream AI Provider Data Handling
When 1K4.AI routes your request to a third-party AI model provider, that provider's data handling policies apply to the content of your request and the model's response. We do not control how providers process your inputs or outputs, including whether they use data for model training. All providers we work with confirm that API data submitted through paid API access is not used for training by default, but you are responsible for reviewing the applicable provider's privacy policy for the models you use. 1K4.AI forwards requests as-is and does not modify, inspect, or cache request content in API Proxy mode.
Your Rights
You may request a copy of your data, correction of inaccurate data, or deletion of your account by contacting us. We will respond within 30 days. Account deletion will remove your personal data, though anonymized transaction records may be retained for legal compliance.
Incident Notification
In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of confirming the breach. Notification will be sent to your registered email address and will include: a description of the incident, the types of data involved, and steps we are taking in response.
Analytics & Cookies
1K4.AI uses Google Analytics 4 (via Google Tag Manager) to understand how visitors use the website — page views, sign-up methods, and payment completions. Analytics scripts load only after you grant consent through our cookie banner (powered by Cookiebot). If you decline, no analytics cookies are set and no data is sent to Google.
Analytics data is aggregated and does not include API request content, prompts, or model responses. You can withdraw consent at any time by clicking the cookie settings link in the page footer.
Cookies
- Essential: Session authentication cookie (httpOnly, Secure, SameSite=Lax). Required for sign-in.
- Analytics (optional): Google Analytics cookies (
_ga,_ga_*) set only with your consent. Used for anonymous usage statistics. - Consent: Cookiebot cookie (
CookieConsent) to remember your cookie preferences.
Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or a notice on the website. Continued use of 1K4.AI after changes constitutes acceptance of the updated policy.
Contact
For privacy-related inquiries, contact us at [email protected].