← Back to LighterHub
About LighterHub
LighterHub operates an AI inference API service that provides access to large language models and other AI capabilities. We are committed to protecting your privacy and ensuring transparency about how we handle your data.
This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
Data We Collect
When you use the LighterHub API, we collect operational metadata necessary to provide, maintain, bill, debug, and protect the Service:
- Timestamps: When requests are made
- Request IDs: Unique identifiers for tracking requests
- Token counts: Number of input and output tokens processed, plus estimated or reserved token capacity used for rate limits and abuse controls
- Latency: Response time and performance metrics
- Status and error metadata: HTTP status, API error code, upstream error type, and a short upstream error message when needed for debugging
- API endpoint and model metadata: Which endpoint and public model were called, whether the request streamed, and which backend served or attempted to serve the request
- Account and billing metadata: API key prefix, customer/account label, billable status, usage value, prepaid credit reservation, balance after request, pass status, and rate-limit or capacity-control metadata
- Email and request details: If you join a mailing list, request an assessment, request payment instructions, or arrange paid access, we collect the email address and form details you submit so we can reply and provide the Service.
- Workload review and capacity details: If you request a review or quoted API access, we collect the workflow description, provider/model context, expected spend or usage range, latency or quality requirements, requested timing, and support context needed to evaluate fit and provision access.
- Payment and provisioning details: For paid access or payment instructions, we collect payment event identifiers, checkout session or payment references, product, amount, currency, customer email or masked email, quoted scope, notes, country/payment context, and provisioning status so we can reconcile payment and issue access.
- Website, attribution, and anti-abuse metadata: For website visits, forms, checkout intent, and quote intent, we may collect page path, referrer, UTM parameters, advertising click IDs, Google Analytics client/session IDs, checkout references, visitor/session IDs, approximate country or device metadata from Cloudflare, and hashed IP address or hashed user-agent values for rate limiting, fraud prevention, and conversion measurement.
API payload promise: By default, we do not store prompts, completions, or the content of API requests and responses. API payloads are processed to serve the request and then discarded after the response. Temporary debug logging, if ever enabled for your requests, is handled under the notice and time limits below.
How We Use Your Data
We use operational metadata for the following purposes:
- Service delivery: To process your requests and provide accurate responses
- Performance monitoring: To track system health, uptime, and latency
- Usage tracking: To measure API usage, token consumption, balances, passes, and billing
- Debugging and support: To investigate errors, reconcile customer reports, and answer support questions
- Improvement: To optimize performance and enhance service quality
- Compliance: To maintain audit logs and meet legal obligations
- Fraud and abuse prevention: To enforce rate limits, detect repeated abuse, protect shared capacity, and prevent unauthorized use
- Website analytics and attribution: To understand aggregate traffic, checkout intent, paid campaign performance, and which lead sources generate qualified inquiries
- Workload review and provisioning: To evaluate fit, plan benchmark scope, quote capacity, provision approved API access, and send operational reminders or support responses about the approved workload.
- Manual payment fulfillment: To reply with written quote or payment instructions, confirm the quoted scope, reconcile the transfer, and provision API access after payment confirmation.
Marketing emails include an unsubscribe option. Operational messages about purchases, API access, billing, security, or support may still be sent when needed to provide the Service or complete a transaction.
Temporary Debug Logging
In rare cases, we may enable temporary debug logging to diagnose technical issues or investigate service problems. When debug logging is enabled:
- Duration: Debug logging is always time-limited to a maximum of 7 days
- Scope: Limited to the specific requests and systems being debugged
- Access: Restricted to authorized engineering staff only
- Deletion: Debug logs are automatically deleted after the investigation period
If debug logging is ever enabled for your requests, we will notify you at founder [at] lighterhub.app and provide details about what was logged.
Data Protection
We use reasonable technical and organizational measures to protect your data, including:
- Encryption in transit (HTTPS/TLS)
- Access controls and authentication
- Security reviews and monitoring
- Secure data handling practices
Training Data Policy
API prompts, completions, and submitted workload details are not used to train our models or any third-party models.
We do not:
- Use your prompts or completions for model training
- Use your data to improve our ML models
- Share your data with model training teams
Data Sharing
We do not sell your personal information, and we do not sell or rent API prompts or completions.
We share limited data with vendors and service providers only as needed to operate, secure, bill, support, and measure the Service:
- Legally required: When compelled by law or regulation
- Service providers: With vendors who help us operate hosting, DNS, tunneling, payments, email, analytics, CRM, alerting, support, or fraud prevention
- Safety/security: To prevent fraud, abuse, or other harmful activity
We do not share API prompts or completions for marketing or advertising. Website, lead, checkout, and purchase metadata may be used for analytics, advertising attribution, and conversion measurement as described in this policy.
Data Retention
Operational metadata is retained for:
- API operational request logs: Up to 90 days for billing, support, abuse prevention, and reliability analysis
- Website traffic events: Generally up to 30 days in first-party analytics storage
- Checkout attribution: Generally up to 90 days so purchases can be matched to checkout intent and campaigns
- Lead, customer, support, and CRM records: While your API access, customer profile, inquiry, or business relationship remains active, then as needed for ordinary business records
- Billing, payment, tax, accounting, refund, dispute, and fraud records: As long as necessary for financial, security, and legal purposes
- Legal holds: Longer if required by law
Your Rights
Depending on your location and applicable laws, you may have the right to:
- Access: Request information about what data we hold
- Deletion: Request deletion of your data (subject to legal obligations)
- Correction: Request correction of inaccurate data
- Portability: Request your data in a portable format
- Opt-out: Opt out of optional data collection practices
To exercise any of these rights, contact us at founder [at] lighterhub.app.
Privacy Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by updating the "Effective Date" at the top of this page. Your continued use of LighterHub after such changes constitutes your acceptance of the updated Privacy Policy.
GDPR / EEA Privacy Rights
If you are located in the European Economic Area (EEA), you have specific rights regarding your personal data. Our lawful bases for processing your data include:
- Contract performance: Necessary for API service delivery
- Legitimate interest: Necessary for security and fraud prevention
Under the GDPR, you have the following rights:
- Access: The right to request copies of your personal data
- Correction: The right to request that we correct inaccurate information
- Erasure: The right to request that we erase your personal data
- Restriction: The right to request that we restrict the processing of your personal data
- Portability: The right to request that we transfer the data that we have collected to another organization, or directly to you
- Withdrawal of consent: The right to withdraw your consent at any time, where we relied on your consent to process your personal information
We will respond to legitimate requests within the timeframe required by applicable law. For international data transfers from the EEA, we use appropriate transfer mechanisms where legally required, such as Standard Contractual Clauses. To exercise any of these rights, please contact us at founder [at] lighterhub.app.
US State Privacy Rights
Residents of California (CCPA), Colorado, Connecticut, Virginia, and Utah have specific rights regarding their personal information:
- Right to know: You have the right to know what personal data is collected about you
- Right to delete: You have the right to request the deletion of your personal data
- Right to opt-out of sale: We do not sell your personal information
We will not discriminate against you for exercising any of your privacy rights.
International Data Transfers
Your data is processed in the United States on dedicated GPU infrastructure. For users located in the European Economic Area (EEA), Standard Contractual Clauses apply to ensure your data is protected.
Our infrastructure runs on dedicated GPU hardware in the United States, and we utilize Cloudflare (global network) as our CDN and secure tunnel.
Cookies and Tracking
We are committed to minimizing tracking and respecting your privacy:
- The LighterHub API does not use cookies
- The website (lighterhub.app) uses essential site functionality, first-party event measurement, and Google Analytics measurement to understand aggregate website usage and lead conversion paths
- Google Analytics may set analytics cookies or use similar measurement technology for website traffic reporting
- Advertising click IDs and campaign parameters may be captured when you arrive through an ad or tracked campaign link
Children's Privacy
Our services are not directed to children under the age of 13. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 13, we will delete it promptly.
If you believe we might have any information from or about a child under 13, please contact us at founder [at] lighterhub.app to report it.
Subprocessors
To provide our services, we use the following service providers and subprocessors:
| Subprocessor |
Purpose |
Data Shared |
| Cloudflare |
CDN, DNS, tunnel, DDoS protection, Worker event collection, KV storage, and edge analytics |
IP addresses, request metadata, site events, approximate location/device metadata, hashed anti-abuse identifiers, and operational records |
| GPU Infrastructure Provider |
GPU infrastructure hosting |
API request data (processed, not stored) |
| Stripe |
Payments, checkout, refund, dispute, and payment reconciliation |
Customer email, name when provided to Stripe, payment identifiers, product, amount, currency, payment status, and checkout references |
| Google Analytics |
Website analytics, attribution, and purchase conversion measurement |
Page, campaign, checkout, purchase, device, approximate location, client/session ID, and event metadata |
| Resend / Email Provider |
Transactional and support email delivery |
Email address, message content needed to send access, receipts, support, provisioning, or operational notices |
| Google Sheets / CRM routing, if configured |
Lead and customer follow-up workflow |
Submitted lead details, email, name, organization, workload summary, attribution metadata, and status notes |
| Telegram, if alerts are enabled |
Operational alerts for leads, payments, health, traffic, customer follow-up, and incidents |
System health metrics, masked or full customer/contact details depending on configuration, workload summaries, payment/provisioning metadata, and dashboard links |
Data Breach Notification
In the event of a data breach affecting your personal data, we are committed to transparency and prompt action:
- We will notify affected users without undue delay and within the timeframe required by applicable law
- We will notify relevant regulatory authorities when required by applicable law
- Notification will include the nature of the breach, the data affected, and the remedial steps we have taken to secure your information