Legal Documents

Privacy Policy

Last updated: 1 March 2026  ·  Effective: 1 March 2026
1. Controller

CloudSigma AG, Baarerstrasse 10, 6300 Zug, Switzerland is the data controller for personal data processed in connection with the TaaS platform. Contact: privacy@cloudsigma.com.

2. Data We Collect
  • Account data: email address, name, company name, profile picture (via OAuth login).
  • Usage data: API request metadata (timestamp, model, token counts, latency, status code, API key identifier). We do not store prompt or completion content beyond the duration of request processing.
  • Billing data: payment method details (processed by Stripe; we receive only tokenised references, not raw card numbers), transaction history.
  • Technical data: IP addresses, user agent strings, session cookies.
3. How We Use Your Data
  • To provide and operate the Service (contract performance).
  • To send service-related communications, invoices, and security alerts (legitimate interest / contract).
  • To detect and prevent fraud, abuse, and AUP violations (legitimate interest).
  • To comply with legal obligations (legal obligation).
  • To improve platform reliability and performance using aggregate, anonymised usage analytics (legitimate interest).
4. Data Retention
  • Account data: retained for the lifetime of your account plus 90 days after deletion.
  • Usage records: retained for 24 months for billing and dispute resolution.
  • Billing records: retained for 10 years per Swiss accounting law.
  • API request content: not retained after request completion.
5. Data Sharing

We share your data with:

  • Model providers (e.g. Anthropic, DeepInfra, Groq): request content is forwarded to fulfil your API call. Each provider's privacy policy applies to their processing.
  • Stripe Inc.: payment processing.
  • Infrastructure providers: CloudSigma cloud infrastructure (EU-based).
  • We do not sell your data or share it for advertising purposes.
6. International Transfers

Some model providers are based outside the EEA (e.g. US). Transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent safeguards.

7. Your Rights (GDPR)

If you are in the EEA or UK, you have the right to: access your data, rectify inaccuracies, erase data (subject to retention obligations), restrict processing, data portability, object to processing, and withdraw consent. To exercise these rights, contact privacy@cloudsigma.com. You may also lodge a complaint with your local data protection authority.

8. Security

See our Security & Subprocessors page for infrastructure and security measures.

9. Cookies

See our Cookie Notice.

Terms  ·  Privacy  ·  Cookies  ·  Acceptable Use  ·  © 2026 CloudSigma AG. All rights reserved.