Legal

Privacy Policy

Last updated: 28 May 2026

1. Who we are

routeur.ai is a trading name of Oliver Tappin Ltd. For the purposes of this privacy policy, Oliver Tappin Ltd is the data controller for personal data collected through the routeur.ai website, commercial enquiries, billing, and account administration.

Our named Data Protection Officer (DPO) is Oliver Tappin. Privacy enquiries can be sent to legal@routeur.ai.

2. What this policy covers

This policy explains how we collect, use, store, and disclose personal data when you visit the routeur.ai website, request early access, create an account, buy a subscription, or contact us.

When routeur.ai processes prompts or responses on behalf of a customer, we generally act as a processor to that customer. The customer remains responsible for deciding what personal data they send through the service and for providing any notices required to their end users.

3. Data we collect

  • Contact data: name, work email address, company, and anything you include in forms or emails to us.
  • Account and billing data: organisation name, account owner details, subscription status, invoices, and payment metadata from our payment processor.
  • Service administration data: API key labels, audit logs, security events, provider configuration metadata, and operational traces.
  • Website data: standard server logs such as IP address, user agent, and request path needed to run and secure the site.
  • Customer content: prompts, messages, and responses sent through the gateway when customers enable those features or choose payload retention.

4. How we use personal data

  • to provide, secure, and operate the routeur.ai service;
  • to respond to demos, early-access applications, support tickets, and legal requests;
  • to bill customers, prevent fraud, and maintain accounting records;
  • to monitor reliability, detect abuse, and investigate incidents;
  • to comply with legal obligations and enforce our terms.

5. Lawful bases

We rely on one or more of the following lawful bases under UK GDPR and EU GDPR, depending on the context: contract performance, legitimate interests, legal obligation, and consent where you voluntarily submit contact details for early access or other marketing-adjacent contact.

6. Processors and recipients

We use a limited number of processors to run the service, including infrastructure providers, transactional email providers, payment processors, and upstream LLM providers selected by our customers.

Examples include Google Cloud Platform for hosting and storage, payment processors for subscription billing, and upstream model providers such as OpenAI, Google, Anthropic, or DeepSeek when customers configure them.

7. International transfers

Customer data may be sent to upstream LLM providers in regions chosen by the customer or required by the selected provider. Customers are responsible for selecting providers appropriate to their compliance obligations.

Where we transfer personal data outside the UK or EEA, we use appropriate safeguards such as contractual commitments, adequacy decisions, or the processor's published transfer mechanisms where available.

8. Retention

We keep personal data only for as long as needed to provide the service, satisfy legal or accounting obligations, resolve disputes, and maintain security records. Retention periods vary by data type and product settings.

Customers control whether payload retention is enabled for many gateway traces. If payload retention is disabled, we still retain minimal operational metadata needed for security, billing, and abuse detection.

9. Security

We use technical and organisational measures designed to protect personal data, including encryption in transit, encrypted secret storage, access controls, audit logging, and least-privilege access practices. See the security page for operational detail.

10. Cookies and analytics

The public routeur.ai website does not currently use third-party analytics, advertising pixels, or non-essential tracking cookies. Standard browser and server behaviour may still result in technical logs required to serve the site and defend against abuse.

11. Your rights

Depending on your location, you may have rights to access, correct, erase, restrict, object to, or port your personal data, and to complain to a supervisory authority. Where we act only as a processor for customer-submitted content, we may direct you to the relevant customer as controller.

12. Contact

For privacy requests or DPO enquiries, contact legal@routeur.ai. routeur.ai is operated by Oliver Tappin Ltd, and Oliver Tappin is the named DPO for privacy matters.