Privacy Policy

MeterLayer collects account information, organization and project settings, provider credential metadata, billing records, operational logs, and API request telemetry needed to run the gateway.

API request logs include provider, model, token counts, estimated cost, latency, status, error category, project, request metadata, and prompt summaries. Full prompt logging is disabled by default and should only be enabled by workspace administrators when they have a clear operational reason.

Provider API keys are encrypted before storage and are never returned to the browser after they are saved. The application may show a masked preview so administrators can identify which key is configured.

We use collected data to authenticate users, route AI provider requests, enforce budgets and rate limits, calculate usage and cost, display analytics, deliver webhook events, send account emails, process billing, and monitor service health.

The service may use infrastructure, database, email, payment, and observability providers such as Vercel, Neon, Upstash, Resend, Stripe, and configured logging or monitoring tools. AI requests are forwarded to the provider selected by your project configuration, starting with OpenAI in this MVP.

Request log retention depends on the effective billing plan: Free keeps 14 days, Starter 30 days, Growth 180 days, and Scale 365 days. Audit logs and webhook delivery records follow the operational retention settings configured for the deployment.

Customers are responsible for the prompts, metadata, customer identifiers, and provider credentials they send to the service. Do not send secrets, regulated personal data, or sensitive customer data unless your organization has approved that use.

For privacy questions, contact support@meterlayer.io.