Privacy Policy
Effective: April 1, 2026 · Version 1.0
1. Who We Are
AIGate ("we", "us") is part of the Melyx ecosystem. We operate aigatecloud.com and related subdomains. Contact: [email protected]
2. Data We Collect
| Data | Purpose | Retention |
|---|
| Email address | Account creation, billing, product updates | Until account deleted |
| API usage logs | Credit deduction, abuse prevention, analytics | 90 days |
| IP address | Rate limiting, fraud prevention, GeoIP (country only) | 30 days |
| Prompts submitted | Library enrichment (anonymized), abuse detection | 30 days |
| BYOK API keys | Stored AES-256-CBC encrypted, never logged in plaintext | Until revoked |
| Generated assets | May be added to shared library (anonymized, no user link) | Indefinite |
3. What We Do NOT Collect
- Payment card numbers (processed by third-party payment providers).
- Browser fingerprints or tracking cookies beyond session management.
- Biometric data.
- Content of private communications.
4. How We Use Your Data
- Service delivery: routing requests, deducting credits, returning results.
- Security: detecting abuse, rate-limit enforcement, fraud signals.
- Product updates: occasional emails about new features (unsubscribe any time).
- Improvement: anonymized aggregated analytics to improve routing quality.
5. Data Sharing
We do not sell your personal data. We share data with:
- AI providers (when you call generate endpoints): only your prompt and aspect ratio are sent — no email or account data.
- Asset library sources (Pexels, Pixabay, Pollinations): anonymized search terms only.
- Legal authorities: only when required by law or to report CSAM.
6. BYOK Keys
Keys you add to the BYOK Vault are encrypted at rest using AES-256-CBC with a server-side key. They are decrypted in memory only when needed to route your request. We never log or display keys after storage.
7. Cookies
- auth_token: HTTP-only secure cookie for session management. Expires in 7 days.
- No third-party tracking cookies or advertising pixels.
8. Your Rights
- Access: request a copy of your data via email.
- Deletion: delete your account and all associated data (except usage logs required for billing disputes for 90 days).
- Correction: update your email via dashboard.
- Portability: export your usage history as CSV.
- Unsubscribe: opt out of marketing emails at any time.
To exercise these rights, email [email protected] — we respond within 30 days.
9. Data Security
- All connections over HTTPS (TLS 1.2+).
- API keys hashed with one-way hash for storage; BYOK keys AES-256 encrypted.
- Database access restricted to internal network only.
- Regular backups with encrypted storage.
10. Children
AIGate is not directed at children under 18. We do not knowingly collect data from minors. If you believe a minor has registered, contact us immediately.
11. Changes
Material changes will be emailed to registered users 14 days before taking effect.
12. Contact
Privacy inquiries: [email protected]