Privacy Policy

1. Introduction

Welcome to SteeringAPI ("we," "our," or "us"). We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI model steering platform and related services (collectively, the "Services").

By accessing or using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you create an account with us, we collect:

• Name and email address
• Username and password (encrypted)
• Profile information you choose to provide
• Authentication data managed by our third-party authentication provider (Clerk)

2.2 Usage Information

We collect information about how you interact with our Services:

• API usage metrics and statistics
• Credit consumption and billing history
• Feature search queries and results
• Model selection preferences
• Dashboard and application usage patterns
• API key creation and management activities

2.3 Technical Information

We automatically collect certain technical information:

• IP addresses and device identifiers
• Browser type and version
• Operating system information
• Log data and error reports
• Cookies and similar tracking technologies

2.4 Payment Information

When you make a purchase, payment processing is handled by Stripe, our third-party payment processor. We do not store your complete credit card information on our servers. We receive and store limited payment information such as:

• Last four digits of your credit card
• Card type and expiration date
• Billing address
• Transaction history

2.5 Inference Requests and Content

When you use our chat interface or API, you may submit prompts, messages, and related parameters (including steering/intervention settings) to generate model outputs. We process this information to provide the Services, and may retain limited inference request/response data for a short period as described in Section 3 and Section 7.

Please do not submit sensitive information (for example, health, financial, or children's data) in prompts.

3. Inference Content Retention (Limited) and Information We Do Not Store

3.1 LLM Messages and Content

Important: We do not provide a stored chat history feature by default. However, to operate and secure the Services, we may temporarily retain limited inference request and response data (which may include prompts/messages and generated outputs) for a short period.

We retain this data solely for purposes such as debugging, reliability monitoring, incident investigation, fraud prevention, abuse detection, and enforcing our Terms. Unless required to retain it longer for legal or security reasons, inference content is retained for up to 30 days and then deleted or anonymized as described in Section 7.

We do not use your prompts or outputs to train models, and we do not sell your inference content.

Our platform acts as a proxy service that routes your requests to underlying language models. Underlying infrastructure providers may process your data to deliver the Services (see Section 5).

4. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide, maintain, and improve our AI model steering platform and API services
• Account Management: To create and manage your account, authenticate users, and provide customer support
• Billing and Payments: To process transactions, manage credits, and maintain billing records
• Usage Analytics: To understand how our Services are used, optimize performance, and develop new features
• Security: To detect, prevent, and address technical issues, fraudulent activity, and security threats
• Trust & Safety / Abuse Prevention: To monitor for and respond to suspected misuse, enforce our Terms, and protect users and the public
• Communications: To send you service-related announcements, updates, and administrative messages
• Legal Compliance: To comply with applicable laws, regulations, and legal processes

5. How We Share Your Information

We may share your information in the following circumstances:

5.1 Service Providers

We work with third-party service providers who assist us in delivering our Services:

• Clerk: Authentication and user identity management
• Stripe: Payment processing and billing services
• Railway: Application hosting and infrastructure services
• RunPod (or similar cloud GPU providers): GPU compute used to execute model inference requests

These service providers have access to your information only to perform specific tasks on our behalf and are obligated to protect your information.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (court orders, subpoenas, search warrants)
• Government or regulatory requests
• Protection of our rights, property, or safety
• Investigation of potential violations of our Terms of Service

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the business transaction. We will notify you of any such change and the choices you may have regarding your information.

5.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

6. Data Security

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using industry-standard TLS/SSL protocols
• Encryption of sensitive data at rest
• Regular security assessments and monitoring
• Access controls and authentication mechanisms
• Secure API key management and storage

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as necessary to provide you with our Services and to comply with legal obligations. Specifically:

• Account Information: Retained for the duration of your account plus a reasonable period afterward for legal and business purposes
• Usage Data: Typically retained for analytical purposes for up to 12 months
• Transaction Records: Retained for tax and accounting purposes as required by law (typically 7 years)
• Inference Content (Prompts/Outputs): Retained for up to 30 days for debugging, reliability monitoring, fraud/abuse detection, and incident investigation, then deleted or anonymized (unless we must retain it longer to comply with legal obligations or to protect the security of the Services)

When information is no longer needed, we securely delete or anonymize it.

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Portability: Request transfer of your information to another service provider
• Objection: Object to certain processing activities
• Restriction: Request restriction of processing in certain circumstances
• Withdrawal of Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at the email address provided in the Contact Information section. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform. These may include:

• Essential Cookies: Required for basic functionality such as authentication and security
• Performance Cookies (if enabled): Help us understand how you use our Services to improve performance
• Functional Cookies: Remember your preferences and settings

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Services.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

When we transfer information internationally, we take appropriate safeguards to ensure that your information receives an adequate level of protection, which may include:

• Standard contractual clauses approved by relevant authorities
• Ensuring service providers are certified under appropriate frameworks
• Implementing technical and organizational security measures

11. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us. If we learn that we have collected information from a child without parental consent, we will take steps to delete that information.

12. Third-Party Links

Our Services may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

13. California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect, use, and disclose
• Right to request deletion of your personal information
• Right to opt-out of the sale of personal information (Note: We do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us using the information provided in the Contact Information section.

14. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR), including:

• The right to access your personal data
• The right to rectify inaccurate personal data
• The right to erasure ("right to be forgotten")
• The right to restrict processing
• The right to data portability
• The right to object to processing
• Rights related to automated decision-making and profiling

You also have the right to lodge a complaint with your local supervisory authority.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy on this page
• Updating the "Last Updated" date at the top of this policy
• Sending you an email notification (for significant changes)

Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

16. Subprocessors

Our subprocessors are third-party service providers that process personal information on our behalf to help us deliver the Services. Subprocessors may include:

• Clerk: Authentication and user identity management
• Stripe: Payment processing
• Railway: Application hosting
• RunPod (or similar cloud GPU providers): GPU compute for inference

We may update this list from time to time as we change service providers. If you have questions about our subprocessors, please contact us using the information in Section 17.

17. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

We will respond to your inquiry within a reasonable timeframe, typically within 30 days.

18. Consent

By using our Services, you consent to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.