Privacy Policy

LLMCap is operated by Celikkanat LLC. We provide a reverse proxy service that enforces hard dollar-based spending caps on LLM API calls. Contact us at celikkanat1983@gmail.com.

Account data: When you sign up via Clerk, we receive your email address, name, and a unique user ID from your authentication provider (e.g., Google). We store this to create and identify your workspace.

Payment data: Payments are processed by Stripe. We store your Stripe Customer ID and subscription status. We never see or store your full card number — all card data is handled exclusively by Stripe and subject to their PCI DSS compliance.

API usage data: For each LLM API call routed through our proxy, we log: timestamp, provider, model name, input and output token counts, cost in USD, request status (forwarded or blocked), and latency. We do not log the content of your prompts or responses.

Proxy keys: We store your LLMCap proxy keys in hashed form (bcrypt). The raw key is shown to you once at creation and never stored in plaintext.

Provider API keys: Your Anthropic, OpenAI, or other provider API keys pass through our proxy on each request and are immediately discarded. We never store provider API keys.

We use your data solely to: provide the LLMCap service, enforce your spending caps, display your usage dashboard, process billing, and send transactional emails (e.g., payment receipts). We do not sell your data to third parties or use it for advertising.

Request logs are retained for 30 days (Free plan) or 90 days (Pro plan), after which they are automatically deleted. Account data is retained while your account is active. Upon account deletion, all personal data is deleted within 30 days.

You have the right to: access the personal data we hold about you, correct inaccurate data, request deletion of your data ("right to be forgotten"), and data portability. To exercise any of these rights, email celikkanat1983@gmail.com with the subject line "Data Request". We will respond within 30 days.

We use strictly necessary cookies for authentication (managed by Clerk). We do not use tracking, advertising, or analytics cookies. No cookie consent banner is required for strictly necessary cookies, but you are informed of this use here.

We use the following third-party services, each governed by their own privacy policy:

• Clerk — Authentication (clerk.com/privacy)
• Stripe — Payment processing (stripe.com/privacy)
• Supabase — Database hosting (supabase.com/privacy)
• Railway — Infrastructure hosting (railway.app/privacy)
• Vercel — Frontend hosting (vercel.com/legal/privacy-policy)

All data is transmitted over HTTPS. Proxy keys are stored as bcrypt hashes. Database access is restricted to our application servers. We follow industry-standard security practices and do not store any plaintext credentials.

Your data is hosted on servers in the United States (AWS us-east-1 for database, Railway for compute). If you are located in the European Economic Area, data is transferred under Standard Contractual Clauses or equivalent mechanisms provided by our sub-processors.

We may update this policy from time to time. We will notify you of material changes by email or by posting a notice on our website. Continued use of the service after changes constitutes acceptance of the updated policy.

For any privacy questions or requests: celikkanat1983@gmail.com
Celikkanat LLC