Privacy Policy

Effective date: June 25, 2026

1. Data We Collect

2. Lawful Basis for Processing

Under GDPR Article 6, we process your data on the following legal bases:

Data categoryLawful basis
Account data (name, email, OAuth profile)Contract — necessary to provide the Service
Usage and spend dataLegitimate interest — service improvement, fraud prevention, and cost optimization
Payment and billing dataContract (providing the Service) and Legal obligation (tax and financial record-keeping)
IP addresses and audit logsLegal obligation — compliance with sanctions/export controls, fraud prevention
Analytics cookiesConsent — opt-in via cookie banner; not placed until you consent
Marketing emailsConsent — opt-in only, disabled by default

3. How We Use Your Data

4. Data Retention

5. Your Rights

Under GDPR, CCPA, and similar regulations, you have the right to:

6. Sub-Processors

We use third-party sub-processors to operate InferLane. In summary, these cover hosting and serverless compute (Vercel), our primary database (Neon), rate limiting (Upstash), object and backup storage and underlying email infrastructure (AWS), transactional email delivery (Resend), payments, identity verification, and payouts (Stripe), consent-gated product analytics with no PII (PostHog), and the LLM inference providers you choose to route through (including Anthropic, OpenAI, and Google, among others).

The complete, authoritative, and regularly-updated list — including each sub-processor's purpose and processing location — is maintained on our Subprocessors page. AI inference providers are contacted only when you explicitly send a request through the InferLane proxy, and the content of that request transits the provider you select (see Section 1).

7. Cookies

InferLane uses the following cookies:

CookieTypePurposeDuration
next-auth.session-tokenEssentialAuthentication — identifies your logged-in sessionSession
next-auth.csrf-tokenEssentialCSRF protectionSession
il_demoEssentialDemo mode indicatorSession
il_partnerFunctionalReferral attribution90 days
il_analytics_consentEssentialRecords your cookie consent preference1 year
PostHog cookiesAnalyticsAnonymous product analytics1 year

Analytics cookies (PostHog) are only placed after you give explicit consent via the cookie banner. You can withdraw consent at any time through your account settings. We do not use third-party advertising cookies.

8. International Transfers

Data may be processed in the United States. We rely on Standard Contractual Clauses (SCCs) for transfers from the EU/EEA. Our sub-processors maintain appropriate safeguards.

9. Security

We employ encryption at rest and in transit, role-based access controls, and regular security audits. Provider API keys are AES-encrypted before storage.

10. Data Breach Notification

No system is perfectly secure. If we become aware of a data breach involving your personal data that is likely to result in serious harm or risk to your rights, we are committed to notifying affected individuals and the relevant authorities without undue delay, targeting notification within approximately 72 hours of confirming the breach.

Where the Australian Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth) applies, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required. Where the GDPR applies, we will notify the competent supervisory authority in line with Article 33 (generally within 72 hours of becoming aware) and affected data subjects in line with Article 34 where the breach is likely to result in a high risk to their rights and freedoms.

11. Children's Privacy

The Service is not directed at children, and you must be at least 18 years old to use it (see our Terms of Service). We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a child, we will delete it promptly. If you believe a child has provided us with personal information, contact us at privacy@inferlane.dev.

12. Changes

We may update this policy from time to time. Material changes will be communicated via email. The "Effective date" at the top reflects the latest revision.

13. Automated Decision-Making

InferLane uses automated routing logic to select AI model providers for your requests. This routing considers factors such as cost, latency, model quality scores, and your configured preferences. These decisions determine which provider processes your request and at what cost, but do not involve profiling or produce legal effects.

Automated spend watchdog (auto-pause). To protect you from runaway spend, InferLane operates an automated spend watchdog. It monitors usage against your configured spend caps and may automatically pause an API key — warning you when a capped key crosses 80% of its daily cap, and, where you have enabled the corresponding anomaly action, automatically pausing the key when it detects an abnormal usage spike. A pause is an automated decision that can temporarily affect your access to the Service for the affected key. You can review and reconfigure these caps and anomaly actions, and re-enable a paused key, in your account settings.

You can override automated routing decisions at any time by setting explicit provider preferences in your account settings or by specifying a provider directly in your API requests. You also have the right to request human review of any routing or auto-pause decision by contacting us at privacy@inferlane.dev.

14. Contact

For privacy inquiries, data export requests, or deletion requests, contact us at privacy@inferlane.dev.