Privacy Policy

Last updated: January 28, 2026

1. Information We Collect

llmsecure collects information to provide, maintain, and improve our Service. The types of information we collect include:

Account Information

  • Name, email address, and profile information provided through OAuth authentication (Google) or email/password registration.
  • Organization and tenant information associated with your account.

Usage Data

  • API request logs, including timestamps, request metadata, and validation results (SAFE/UNSAFE classifications).
  • Prompt content submitted through the API for validation purposes. This data is processed in real time and retained according to our data retention policy.
  • Rate limit and quota usage associated with your subscription tier.

Technical Data

  • IP addresses, browser type, device information, and operating system.
  • Log data, including access times, pages viewed, and referring URLs.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: Processing your API requests, performing prompt injection detection, and returning validation results.
  • Account Management: Authenticating your identity, managing your subscription, and administering your API keys.
  • Analytics and Improvement: Generating aggregated, anonymized usage statistics to improve detection accuracy and Service performance. We do not use your raw prompt data to train models without your explicit consent.
  • Security: Monitoring for abuse, preventing unauthorized access, and maintaining the integrity of the Service.
  • Communication: Sending you service-related notifications, security alerts, and account updates.
  • Billing: Processing payments and managing your subscription through our payment provider.

3. Data Storage and Security

We take the security of your data seriously and implement industry-standard measures to protect it:

  • All data is encrypted in transit using TLS 1.2 or higher.
  • Sensitive data, including API keys, is stored using one-way cryptographic hashing. We store only key prefixes for identification purposes.
  • Access to production systems is restricted to authorized personnel and protected by multi-factor authentication.
  • We perform regular security audits and vulnerability assessments.

While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your information.

4. Third-Party Services

We integrate with the following third-party services to operate the llmsecure platform:

  • OAuth Providers (Google): We use Google OAuth for authentication. When you sign in through Google, we receive your name, email address, and profile picture. We do not access any other data from Google. Your use of this service is subject to Google's privacy policy.
  • Stripe: We use Stripe to process payments and manage subscriptions. Stripe collects and processes your payment information (such as credit card details) directly. We do not store your full payment card information on our servers. Stripe's handling of your data is governed by the Stripe Privacy Policy.
  • LLM Providers: If you enable dynamic detection, prompt data may be sent to third-party LLM providers (such as OpenAI or Anthropic) for sandbox-based analysis. This processing is performed solely for detection purposes and is subject to the respective provider's data handling policies.
  • Google Analytics: We use Google Analytics 4 to collect anonymized usage data such as page views, feature usage, and general traffic patterns. Google Analytics may use cookies to distinguish unique users. No personally identifiable information is sent to Google Analytics. You can opt out by installing the Google Analytics Opt-out Browser Add-on.

5. Data Retention

We retain your data for as long as necessary to provide the Service and fulfill the purposes outlined in this policy:

  • Account data is retained for the duration of your account and for a reasonable period after termination to allow for account recovery or dispute resolution.
  • API request history is retained based on your subscription tier: 7 days for Free, 30 days for Pro, 90 days for Pro+, and up to 1 year for Enterprise plans.
  • Prompt content submitted via the API is processed in real time for validation and is retained only within the request history period described above.
  • Aggregated analytics (which cannot identify individual users) may be retained indefinitely to improve the Service.

You may request deletion of your data at any time by contacting us or through your account settings.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: You may request a copy of the personal data we hold about you.
  • Correction: You may request that we correct any inaccurate or incomplete personal data.
  • Deletion: You may request that we delete your personal data, subject to certain exceptions (such as legal obligations or legitimate business interests).
  • Portability: You may request a copy of your data in a structured, machine-readable format.
  • Objection: You may object to the processing of your personal data in certain circumstances.
  • Restriction: You may request that we restrict the processing of your personal data under certain conditions.

To exercise any of these rights, please contact us at privacy@llmsecure.io. We will respond to your request within 30 days.

7. Cookies

llmsecure uses cookies and similar technologies to operate and improve the Service:

  • Essential cookies: Required for authentication and session management. These cookies are necessary for the Service to function and cannot be disabled.
  • Analytics cookies: Used to collect aggregated information about how the Service is used, helping us improve performance and user experience. These cookies do not collect personally identifiable information.

You can control cookie preferences through your browser settings. Note that disabling essential cookies may prevent you from using certain features of the Service.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the updated policy on the Service and updating the "Last updated" date at the top of this page.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

9. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at:

privacy@llmsecure.io