Privacy Policy

Last updated: April 9, 2026

1. Introduction

Osiris ("we", "our", "us") operates the osiris-code.com website and API gateway service. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

2. Information We Collect

Account Information

  • Email address (for registration and communication)
  • Name (optional, for personalization)
  • Password (stored as bcrypt hash, never in plaintext)
  • Google account ID (if using Google OAuth login)

Usage Data

  • API requests: model used, token counts, response times
  • IP address and request metadata
  • Billing and transaction history

What We Do NOT Collect

  • We do not store or log the content of your API requests (prompts and responses)
  • We do not use your data to train AI models
  • We do not sell your personal information to third parties

3. How We Use Your Information

  • To provide and maintain our API gateway service
  • To process billing and token purchases
  • To send service-related communications (verification emails, password resets)
  • To monitor and improve service performance and reliability
  • To detect and prevent abuse, fraud, and security threats

4. Data Storage and Security

Your data is stored on secure servers with encryption at rest and in transit. We use industry-standard security measures including:

  • Passwords hashed with bcrypt (cost factor 12)
  • API keys stored as SHA-256 hashes
  • HTTPS/TLS encryption for all communications
  • JWT tokens with expiration for session management

5. Third-Party Services

We use the following third-party services:

  • Cloudflare — CDN, DDoS protection, SSL termination
  • Resend — Transactional email delivery
  • Google OAuth — Optional social login
  • PostHog — Anonymous usage analytics (optional)
  • Pakasir — Payment processing

6. Data Retention

We retain your account data for as long as your account is active. Usage logs are retained for 90 days for billing and debugging purposes. You may request deletion of your account and associated data at any time by contacting us.

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for optional data processing

8. Cookies

We use a single HTTP-only session cookie (osiris_token) for authentication. We do not use tracking cookies or third-party advertising cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact

If you have questions about this Privacy Policy, contact us at privacy@osiris-code.com.