qlaud

Privacy Policy

Effective 2026-06-09

qlaud ("we", "us") operates an LLM inference gateway and per-user billing layer for AI applications. This policy explains what information we collect from developers and the end-users of their apps, why we collect it, and how we use and share it. It applies to every user of qlaud.ai, the qlaud APIs (including /v1/messages, /v1/chat/completions, and the Threads + Tools surface), and the qlaud SDK.

Information we collect

Account information

When you sign up we collect your name, email address, and (via our identity provider, Clerk) profile data such as avatar and connected OAuth providers. We use this to authenticate you, scope billing and API keys to your workspace, and send service communication.

Billing information

Wallet top-ups are processed by Stripe. We store your Stripe customer ID, transaction amounts, and invoice metadata; we never see, log, or store your full card number — Stripe holds that directly.

Inference traffic (prompts & completions)

Every call to /v1/messages or /v1/chat/completions forwards your prompt — and the model's reply — to the upstream model provider you selected (Anthropic, OpenAI, DeepSeek, Google AI Studio, Groq, xAI, Mistral, Cloudflare Workers AI, ElevenLabs, Deepgram, etc.). When you use the Threads API, we additionally persist each message in our database so subsequent turns can read prior context. We do not train models on your prompts and we do not serve them to other customers. Thread message bodies can be deleted via DELETE /v1/threads/:id, which removes them from our database within 24 hours.

End-user data your app submits

When you mint per-user qlaud keys for your end-users, you may pass us an end_user_id per thread. We use it for spend attribution and to scope per-user MCP tool credentials. If your end-user authorizes a third-party connector (Linear, GitHub, Notion, etc.), we encrypt their token at rest with AES-256-GCM, scope it to that one end-user, and use it only to dispatch specific tool calls they ask the model to make.

Tool credentials

Built-in and MCP tool credentials (Resend keys, GitHub PATs, Linear API keys, etc.) are encrypted with AES-256-GCM using a key we hold separately from the database. We never log or display the plaintext value after the moment of submission.

Operational logs

Our edge workers record request metadata — timestamps, source IP address, user agent, HTTP status, latency, model selected, token counts, and cost — for billing accuracy, abuse prevention, and performance monitoring. These logs are retained for 30 days and then deleted. We do NOT log prompt or completion bodies in operational logs.

How we use your information

  • Provide, operate, and improve the gateway and dashboard.
  • Authenticate API keys and enforce per-key spend caps.
  • Forward your prompts to the upstream provider you selected and stream the response back.
  • Compute per-key, per-end-user, and per-model billing rollups.
  • Detect and respond to abuse, fraud, and security incidents.
  • Communicate with you about updates, incidents, and billing.

Sharing and disclosure

Upstream model providers. Every inference request you make is forwarded to the model provider you selected. Their handling of your prompt is governed by their own privacy policies (Anthropic, OpenAI, Google, etc.) — typically with their own retention windows and data-use commitments. We use Cloudflare AI Gateway as a transparent middle hop for most providers; Cloudflare does not retain inference content.

Service providers. We share information with Cloudflare (compute, edge networking, D1 database, Durable Objects, Workers AI), Clerk (authentication), and Stripe (billing) under written data-processing agreements that require them to keep the data confidential and use it only to deliver their service to us.

Third-party MCP servers and tool webhooks. When you or your end-user connects a vendor MCP server (Linear, GitHub, etc.) or registers a custom webhook tool, qlaud forwards tool-call inputs to that destination on the model's behalf. You control which tools are registered and which credentials are attached.

We do not sell personal information. We may disclose information to comply with valid legal process, protect the rights or safety of users, or investigate policy violations.

Security

API keys are stored as SHA-256 hashes — we never log or display the plaintext key after the moment of issuance. Tool credentials are encrypted with AES-256-GCM using a key managed via Cloudflare Workers secrets. All traffic between your client, the qlaud edge, and our database is encrypted in transit (TLS 1.3). Wallet balance is held in a per-customer Durable Object with single-writer atomic semantics so concurrent debits cannot race past your cap.

Data retention

  • Account information: retained while your account is active and for up to 30 days after deletion.
  • Thread messages: retained until you delete the thread or close your account. Deleted threads are purged within 24 hours.
  • Tool credentials: retained until you revoke the tool or the end-user disconnects.
  • Usage events & billing rollups: retained for 12 months for billing reconciliation and tax records.
  • Operational logs: 30 days, then deleted.

Your rights

You can access, correct, export, or delete the personal information we hold about you from your dashboard or by emailing privacy@qlaud.ai. Per-user key revocation, thread deletion, and tool disconnection are self-serve via the API. Depending on where you live, you may have additional rights under GDPR, the UK GDPR, CCPA, or other privacy laws; we honor those rights.

End-users of your application

If you build an app on qlaud and your end-users interact with it, we are a sub-processor for their data. You are the controller; we act on your documented instructions. You should reflect qlaud's role in your own privacy policy. End-user requests for access, correction, or deletion should be routed through you; we will assist you in fulfilling them.

International transfers

qlaud runs on Cloudflare's global edge network with primary data residency in the United States. If you access the service from outside the US, your information may be transferred to, stored, and processed there. We rely on Standard Contractual Clauses for transfers governed by EU or UK law.

Children's privacy

qlaud is not directed to children under 16 and we do not knowingly collect their information.

Changes to this policy

We may update this policy from time to time. Material changes will be announced by email and posted on this page with a new effective date at least 14 days before taking effect.

Contact

Questions, concerns, or data-subject requests: privacy@qlaud.ai.

Privacy Policy — qlaud — qlaud