Privacy Policy
Last updated: July 4, 2026
Who we are
Model Database (“we,” “us”) operates the API and website at
modeldatabase.com. For any privacy question, contact
[email protected].
Information we collect
- Account data: your email address and a securely hashed password (or a Google sign-in identifier if you use Google). Passwords are hashed with Argon2 and never stored in plaintext.
- Billing data: payments are processed by Stripe. We do not receive or store your full card number — Stripe handles card data under its own PCI-compliant systems. We keep a record of your prepaid top-ups and credit balance.
- API usage metadata: for each request we record the model called, the endpoint, token counts, the cost, the HTTP status, latency, and a timestamp. This is what powers your usage dashboard and your bill.
- API keys: stored only as a SHA-256 hash. We cannot recover the plaintext of a key after you create it.
What we do not store
We do not store the content of your prompts (the messages you send) or the content of the models' responses. Our systems record only the usage metadata described above. We do not use your requests, prompts, or outputs to train any model.
How your prompt is processed
Model Database is a gateway. To fulfil a request, your prompt is transmitted in real time to the upstream provider that hosts the model you selected, which processes it and returns a response. We pass this through; we do not retain the content. Each upstream provider handles the request under its own terms and privacy practices. If your data is sensitive, choose your model accordingly.
Cookies & analytics
The site is served through Cloudflare, which provides our CDN and security layer and collects aggregate, privacy-preserving traffic analytics. We use a session cookie to keep you signed in to your dashboard. We do not run third-party advertising trackers.
Data retention
Usage metadata and billing records are retained for as long as your account is active and as needed for accounting, reconciliation, and legal obligations. You may request deletion of your account and associated data by emailing [email protected]; we will delete data that we are not required to retain for legal or financial-record purposes.
Security
Data is transmitted over TLS. Passwords are hashed with Argon2 and API keys with SHA-256. Access to production systems is restricted. No system is perfectly secure, but we take reasonable measures to protect your information.
Your rights
You may access, correct, export, or delete your account data by contacting us. Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA; we honour valid requests under applicable law.
Changes
We may update this policy; we will revise the “last updated” date above and, for material changes, notify account holders. Continued use after an update constitutes acceptance.