Last updated: June 18, 2026
ProxyLLM ("ProxyLLM", "we", "us", or "our") is a drop-in LLM proxy service that sits between your applications and AI providers, reducing cost and latency through semantic caching and smart model routing, with a live cost-analytics dashboard.
ProxyLLM is operated by Sysdev TechStrategy & Consulting Ltda. (CNPJ 37.016.893/0001-73), a company established in Brazil with registered offices at Av. Andrômeda, 433, Sala 515, Jardim Satélite, São José dos Campos – SP, CEP 12.230-000 ("Operator"). For the purposes of Brazil's Lei Geral de Proteção de Dados Pessoais (LGPD, Law No. 13.709/2018), Sysdev TechStrategy & Consulting is the data controller (controlador) with respect to the account, billing, and analytics data described in this Policy. For prompt and response content that passes through the proxy on behalf of our business customers, we act as a data processor (operador) — see Section 6.
This Policy explains what personal data we collect, why, the legal bases on which we rely, who we share it with, how long we keep it, and the rights you have. It applies to our proxy API (api.proxyllm.dev), dashboard (app.proxyllm.dev), and website (proxyllm.dev).
If you have any question about this Policy or wish to exercise your rights, contact us at contact@proxyllm.dev.
As a small operator, we rely on the simplified-treatment provisions available to small processing agents under ANPD Resolution No. 2/2022 and have not appointed a formal encarregado (DPO). In accordance with ANPD Resolution No. 18/2024, we designate contact@proxyllm.dev as our published channel for communications with data subjects and the ANPD, and this address fulfils the data-protection contact function described in LGPD Art. 41. If the nature or scale of our processing changes such that the small-agent regime no longer applies, we will appoint and name a formal encarregado here.
Where we offer the Service to data subjects in the European Economic Area (EEA) or the United Kingdom and the GDPR or UK GDPR applies to that processing under Art. 3(2), GDPR Art. 27 requires us, as a controller established outside those territories, to designate in writing a representative within the EEA and (separately) the UK.
Status: An EEA/UK representative has not yet been appointed. Until an appointment is published in this section, EEA/UK data subjects and supervisory authorities should direct all data-protection enquiries to contact@proxyllm.dev, which we monitor and treat as the interim point of contact. We are prioritising the appointment of a formal Art. 27 representative before we actively market the Service to EEA/UK data subjects, and we will name the representative and their full contact details here once appointed. The EU–Brazil adequacy decision (in force since January 27, 2026) addresses lawful data transfers only and does not remove this representation duty.
Because our Operator is a Brazilian entity, the LGPD is our primary data-protection framework. In addition:
Where these regimes overlap, we apply the standard most protective of you.
We collect only what we need to run the Service. We deliberately do not persist the cleartext of your prompts (see Section 4 for the precise, important detail).
When you sign up, authentication is handled entirely by our provider Clerk. We receive and store your email address, your name or display name (if provided), and a unique user identifier. We do not store passwords or authentication secrets — Clerk manages those.
Payments are processed by Stripe. We never receive or store card numbers or payment-card details. We store only your Stripe customer ID and subscription status / plan tier, which we use to operate billing and enforce plan limits.
We store your workspace API keys (the pl_-prefixed keys you use to authenticate to the proxy), your plan tier and usage counters, and — if you are on Pro or Scale and enable Bring-Your-Own-Key (BYOK) — your upstream provider API keys (e.g. your own OpenAI or Anthropic key) and optional base URLs.
Please note the difference in how these two kinds of credentials are protected at rest:
pl_ keys) are stored in our database in cleartext and are not hashed or application-encrypted at rest. They are protected by database-level access controls, network isolation (the database is not publicly reachable), and timing-safe comparison at authentication. Treat them like passwords: keep them secret, and rotate them from the dashboard if you suspect exposure.
Scale-plan customers may additionally store routing rules, webhook endpoints (including their secrets), and alert rules.
For each proxied request we record metadata only: the model used, input and output token counts, estimated cost, latency, cache hit/miss status, an internal request identifier, the timestamp, and any optional cost-attribution tag you supply via the x-proxyllm-tag header. Our request-log store contains no column for prompt or response content. (Read Section 4 for how this interacts with the cache.)
To deliver semantic caching, we store cached content in Redis, scoped per workspace — see Section 4 for the full, precise description, because this is the single most important thing to understand about what we store.
We use Sentry for error tracking; only server-side 5xx errors and performance traces are forwarded. We disable sending of personal data to Sentry and explicitly strip the Authorization header, though stack traces may incidentally contain request context. We use UptimeRobot to monitor the availability of our public endpoints; it sends only health-check pings and receives no customer data.
When enabled, our public website uses cookieless, first-party analytics (Vercel Web Analytics). It sets no cookies and writes nothing to your device; visitors are identified by a transient server-side daily hash derived from the incoming request, discarded within 24 hours. It collects only aggregated, anonymous metrics such as page views, referrers, coarse (country-level) geolocation, and device/browser type. See Section 11 (Cookies) for the detail, our legal basis, and the threshold that would change this.
This section reconciles two statements that are both true and that we want you to understand precisely:
These cached entries are isolated to your workspace and expire automatically based on your plan tier (Free: 24 hours; Pro: 72 hours; Scale: 168 hours).
Two consequences you should know:
Prompt text is transmitted to a third-party embedding provider. To compute the embedding used for semantic matching, the normalized prompt text (system prompt + last user message) is sent over TLS to our embedding provider (by default OpenAI, in practice routed via OpenRouter) on cache writes and lookups. We do not store this cleartext ourselves, but it leaves our infrastructure to that subprocessor.
Semantic caching can return a response generated for an earlier, similar request. Because matches are based on similarity, a cached response originally generated for one prompt may be served for a sufficiently similar later prompt within the same workspace and the same TTL window. Cached responses may also be returned across SDK formats (OpenAI and Anthropic) within your workspace.
Because cached responses may reproduce whatever was in the original prompt or response, you should not send special-category / sensitive personal data through the proxy unless you have a lawful basis to do so and accept that it may be cached for the TTL window. See Section 12.
We process personal data only where we have a lawful basis. We map each purpose to its basis below.
Where we rely on legitimate interests, you may object to that processing (see Section 13). Where we rely on consent, you may withdraw it at any time, as easily as you gave it, without affecting the lawfulness of processing carried out beforehand.
We act in two distinct roles:
Business customers who require a written Data Processing Agreement (DPA) covering this processing — incorporating the EU Standard Contractual Clauses (Decision 2021/914), the UK Addendum, LGPD international-transfer language, our subprocessor annex, and breach-assistance commitments — can review and execute one at proxyllm.dev/dpa, and our current subprocessors are listed, with effective dates, at proxyllm.dev/subprocessors. If those pages are not yet live for your account, you may request the DPA and the dated subprocessor list at contact@proxyllm.dev, and we will provide them.
As controller of the end-user personal data you transmit, you are responsible for having a lawful basis for that data and for instructing us only to carry out lawful processing. The Terms of Service set out the corresponding contractual allocation of risk — including your indemnity to the Operator for unlawful or sensitive data you transmit through the Service (see Section 15).
We do not use your prompts, responses, or cached content to train, fine-tune, or improve any AI model.
We share personal data only with the service providers below, each engaged under a contract that restricts them to processing data on our instructions. We do not sell or rent your personal data, and we do not share it for cross-context behavioral advertising.
pl_ API keys), request-log metadata, encrypted BYOK keys, and the semantic cache (hashed prompts, cached responses, embedding vectors).
/v1/messages endpoint (reached in production through OpenRouter). Receives: full prompt and response payloads for Anthropic-format requests.
Authorization header excluded.
Each provider maintains its own privacy policy, which we encourage you to review. Our authoritative, dated subprocessor list is maintained at proxyllm.dev/subprocessors. If we add or replace a subprocessor, we will update that list and, where you have an active subscription, notify account owners with an opportunity to object before the new subprocessor begins processing your data.
We and all of the subprocessors listed above operate primarily from outside Brazil, mainly in the United States. Using the Service therefore necessarily involves transferring your personal data internationally.
We rely on the following lawful transfer mechanisms:
You may request a copy of the relevant safeguards by emailing contact@proxyllm.dev.
We keep personal data only for as long as necessary for the purposes described in this Policy, then delete or anonymize it, subject to the legal-retention exceptions in LGPD Art. 16 (e.g. compliance with a legal or regulatory obligation).
We apply technical and organizational measures appropriate to the risk, including:
A note on what is and is not encrypted at rest. To be precise and not overstate our protections:
pl_ keys) are stored in our database in cleartext — they are not hashed or application-encrypted at rest. They are safeguarded by the database-access, network-isolation, and timing-safe-comparison controls above, but the AES-256-GCM encryption described here applies only to BYOK upstream provider keys, not to workspace pl_ keys.
No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.
Breach notification. If we become aware of a security incident affecting personal data that may create a relevant risk to you, we will notify the Brazilian National Data Protection Authority (ANPD) and, where required, affected data subjects within the timeframe set by ANPD Resolution No. 15/2024. We commit to notifying within three (3) business days of becoming aware of a qualifying incident. Where we act as processor, we will notify the affected customer-controller without undue delay so they can meet their own obligations (including GDPR Art. 33/34 where applicable).
Our website (proxyllm.dev), when website analytics is enabled, uses only Vercel Web Analytics, which is cookieless and sets nothing on your device, so it does not require a consent banner. We therefore do not display one.
Our dashboard (app.proxyllm.dev) relies on cookies that are strictly necessary to provide the Service you have explicitly requested, and which therefore do not require prior consent:
__session and __client cookies for authentication.
__stripe_mid (approximately one year) and __stripe_sid (approximately 30 minutes) cookies for fraud prevention and payment security, set only during checkout flows.
We use no advertising, marketing, or cross-site tracking cookies anywhere in our stack. You can manage or block cookies through your browser settings, but blocking strictly-necessary cookies will break login and payment functionality.
Forward-looking threshold. The cookieless analysis above holds only so long as our website uses no technology that writes a cookie or other client-side identifier to your device. If we ever introduce any non-essential or client-side-identifier technology — for example Google Analytics, advertising or retargeting pixels, or device-cookie-based A/B testing — we will first present a granular, prior-opt-in consent banner (with rejecting as easy as accepting) and honor opt-out preference signals, including the Global Privacy Control, where required, before any such technology is activated.
The Service is not directed to children under 18, and we do not knowingly collect personal data from them. We do not knowingly sell or share the personal data of consumers under 16.
We do not intentionally collect sensitive personal data (LGPD Art. 5, II — e.g. data revealing racial or ethnic origin, health, biometric or genetic data, religious or philosophical beliefs, political opinions, trade-union membership, or sexual life). Because prompts can contain arbitrary text, such data may pass through the proxy if you place it there. In that case we process it solely as an operador (processor) to deliver the request you initiated, under your responsibility as controller of your end users' data, and we do not use it to infer characteristics about anyone. You are responsible for ensuring you have a lawful basis to send such data and for the consequences of it being cached for the applicable TTL window, and you agree to indemnify the Operator for unlawful or sensitive data you transmit, as set out in the Terms of Service (see Section 15).
You may exercise the following rights, free of charge, at any time (LGPD Art. 18):
We aim to respond to access requests within 15 days and to other requests within the timeframes set by the LGPD. You also have the right to petition us and to lodge a complaint with the Brazilian National Data Protection Authority (ANPD) regarding our handling of your data.
If you are in the EEA or UK, you also have the rights of access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, and objection to processing carried out on the basis of legitimate interests, as well as the right to withdraw consent and to lodge a complaint with your local supervisory authority. Until our GDPR Art. 27 representative is appointed and named in Section 1, you may also direct these matters to contact@proxyllm.dev. We do not subject you to solely automated decision-making producing legal or similarly significant effects; our routing and caching select models and reuse responses operationally and do not make decisions about you as an individual within the meaning of GDPR Art. 22.
Email contact@proxyllm.dev, or use the export and account controls in your dashboard where available. We will verify your identity (typically via control of your account) before acting, and an authorized agent may submit a request on your behalf with your written permission. We will not discriminate against you for exercising your rights.
This section applies to California residents. We provide these disclosures and honor these rights as a matter of policy, whether or not we currently meet the CCPA's "business" thresholds.
Categories of personal information we collect (mapped to the CCPA statutory categories), the sources, and whether we sell or share them:
| Data | CCPA category | Source | Sold / Shared |
|---|---|---|---|
| Email, name, user ID, workspace API keys, encrypted BYOK keys | (A) Identifiers | You / Clerk | No |
| Stripe customer ID, subscription status, usage/cost records | (A) Identifiers; (D) Commercial information | Stripe / your use | No |
| Request metadata, cached content, page-view events | (F) Internet or other electronic network activity | Your use of the Service / website | No |
| Coarse (country-level) geolocation from website analytics | (G) Geolocation | Website analytics | No |
We do not sell or share your personal information. We have not sold or shared personal information for monetary or other valuable consideration, and have not disclosed it for cross-context behavioral advertising, in the preceding 12 months. Because we do not sell or share, we do not offer a "Do Not Sell or Share My Personal Information" link, but we honor the Global Privacy Control should sale or sharing ever apply. The third parties listed in Section 7 receive personal information solely as service providers / contractors under written contract, not as part of a sale or share.
Service-provider role for prompt content. For prompt and response data flowing through the proxy, we act as a service provider processing on behalf of our business customers, and we do not retain, use, or disclose that data for our own purposes; cached content auto-expires per the TTLs above.
Sensitive personal information and automated decision-making. We do not intentionally collect sensitive personal information from account holders, and we do not use any sensitive personal information that may appear in prompts to infer characteristics about you. We offer the right to limit the use of sensitive personal information as a courtesy. We do not use automated decision-making technology to make decisions producing legal or similarly significant effects about consumers.
Your CCPA rights: the right to know/access the categories and specific pieces of personal information we have collected, the right to delete, the right to correct, the right to opt out of sale/sharing (not applicable, as we do neither), the right to limit use of sensitive personal information, and the right to non-discrimination. To exercise them, email contact@proxyllm.dev, which serves as our verifiable-request and authorized-agent intake channel.
ProxyLLM is a passthrough proxy. The responses ("Outputs") returned through the Service are generated by third-party AI providers and are supplied "as is," without warranty of any kind. Outputs may be inaccurate, incomplete, outdated, biased, or offensive ("hallucinations"). You are solely responsible for reviewing and validating any Output, and you must not rely on Outputs for medical, legal, financial, or other high-stakes decisions without qualified human review. We disclaim all liability for the content, accuracy, or use of Outputs to the fullest extent permitted by law.
The Service depends on third-party upstream providers and infrastructure (including OpenAI, OpenRouter, Anthropic, Railway, and Vercel). We are not liable for outages, latency, data loss, or other failures caused by events beyond our reasonable control, including upstream-provider or infrastructure failures, force-majeure events, and network or third-party disruptions.
The binding terms governing this relationship — including the limitation of liability (including for data-processing and security incidents), the warranty disclaimer, the force-majeure and upstream-dependency carve-out, the acceptable-use rules, and your indemnification of the Operator (including indemnity for any sensitive, special-category, or otherwise unlawful data you transmit through the Service as controller of that data) — are set out in our Terms of Service, which are incorporated into this Policy by reference. To the extent of any conflict regarding liability or indemnity, the Terms of Service control.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and notify you by email or through the dashboard. Your continued use of the Service after an update takes effect constitutes acceptance of the revised Policy.
This Policy and any dispute relating to it are governed by the laws of the Federative Republic of Brazil, and the courts of Brazil have jurisdiction, without prejudice to any mandatory consumer-protection rights you may have under the Brazilian Consumer Defense Code (CDC) or under the data-protection laws of your country of residence.
For any question about this Policy, your personal data, or to exercise your rights, contact:
Sysdev TechStrategy & Consulting Ltda. — Operator of ProxyLLM
CNPJ: 37.016.893/0001-73
Av. Andrômeda, 433, Sala 515, Jardim Satélite, São José dos Campos – SP, CEP 12.230-000, Brazil
Email: contact@proxyllm.dev
This email also serves as our designated channel for data-subject requests under the LGPD, GDPR, and CCPA, and — until a formal GDPR Art. 27 representative is appointed and named in Section 1 — as the interim contact point for EEA/UK data subjects and supervisory authorities.