← Back to Kyma

Privacy Policy

Last updated: April 5, 2026

Your privacy matters to us

Kyma API is built to give developers easy access to open-source AI models. We believe in being transparent about what we collect and why. This policy explains our practices in plain language.

What we collect

Account information

Your email address and a securely hashed password when you create an account.

API interactions

When you use our API, we log the messages you send and the responses generated. This includes the model used, token counts, response time, and basic connection information (IP address, user agent). We collect this to monitor service quality, detect abuse, and improve reliability.

Chat conversations

If you use our dashboard chat, your conversations are saved to your account so you can return to them later. You can delete any conversation at any time.

Payment information

Payments are processed by Stripe. We never see or store your credit card number.

How we use your data

  • To provide the service — routing your requests to AI models and returning responses.
  • To keep the service safe — detecting abuse, spam, and policy violations.
  • To improve reliability — understanding error patterns, latency issues, and which models perform best.
  • To bill accurately — tracking token usage for credit deductions.

What we don't do

  • We do not train AI models on your data. Kyma is an API gateway — we route requests, not train models.
  • We do not sell your data to third parties.
  • We do not use your content for advertising.

Third-party providers

Your API requests are forwarded to third-party AI inference providers to generate responses. These providers process your input to produce output but do not retain your data beyond what's needed to serve the request. Each provider has their own privacy policy governing their handling of data.

Data retention

API request logs (including message content): retained for 90 days, then automatically deleted.

Chat conversations: retained until you delete them.

Usage metadata (no content — just counts and timing): retained for analytics.

Account data: retained until you request deletion.

Your choices

  • Delete conversations — remove any chat from your dashboard at any time.
  • Delete your account — contact us and we'll remove all your data.
  • Export your data — request a copy of your data at any time.

Security

We use encrypted connections (HTTPS), securely hashed passwords, and host our database on Supabase with enterprise-grade security. We regularly review our practices to keep your data safe.

Contact us

Questions about your privacy? Reach out at privacy@kymaapi.com