Privacy Policy

Your privacy matters.

We built Llummo to be transparent about how we handle your data — here's exactly what we collect, why, and how we protect it.

Last updated: March 6, 2026

Overview

Llummo is a product of Studio:Unbound LLC, a limited liability company registered in the State of Montana, United States (“we,” “our,” or “us”). We operate llummo.com and the Llummo LLM cost-tracking proxy service (the “Service”). This Privacy Policy describes how we collect, use, store, and protect information about you when you use the Service.

By creating an account or using the Service, you agree to the practices described in this policy. If you do not agree, please discontinue use immediately.

Information We Collect

Account information. When you register, we collect your name, email address, company name (optional), and a hashed password. We never store plain-text passwords.

Billing information. Payments are processed by Stripe. We receive a customer ID and subscription status from Stripe; we do not store full card numbers or bank details on our servers.

API keys. Provider API keys you save (e.g. OpenAI, Anthropic, Mistral, Cohere) are encrypted at rest using AES-256-GCM before being written to the database. Proxy keys are stored as one-way SHA-256 hashes.

Usage data. Every request routed through the proxy is logged with: timestamp, provider, model, token counts (prompt + completion), computed cost, HTTP status, latency, and any optional _meta labels you include in your request. This data powers your dashboard.

Technical data. We may log IP addresses and user-agent strings for security, abuse prevention, and rate limiting purposes. These are not sold or used for advertising.

Analytics. We use PostHog to collect product analytics (feature usage, page views, event funnels). This data is pseudonymous and used solely to improve the Service.

How We Use Your Information

We use collected information to:

  • Authenticate your account and authorise proxy requests
  • Forward API requests to the correct LLM provider on your behalf
  • Compute and display real-time cost tracking in your dashboard
  • Enforce your plan limits and send usage-based alerts
  • Process subscription payments and send billing receipts via email
  • Send transactional emails (e.g. key rotation confirmations, anomaly alerts) via Resend
  • Detect and prevent abuse, fraud, and unauthorised access
  • Improve and debug the Service using aggregated analytics

We do not sell your personal data or use it for targeted advertising.

Data Storage & Security

We take security seriously and implement the following controls:

  • Provider API keys are encrypted with AES-256-GCM before storage. The encryption key is managed separately and never co-located with encrypted data.
  • Proxy keys are stored as SHA-256 hashes — the raw token is shown once at creation and is never retrievable afterwards.
  • All data in transit is protected with TLS 1.2 or higher, both between your application and our proxy, and between our proxy and upstream LLM providers.
  • Database access is restricted to application services via private networking. No public database endpoints are exposed.
  • Upstash Redis is used for rate-limit state. No sensitive payload data is persisted in cache.

Despite these measures, no system is completely secure. We encourage you to use strong, unique passwords and rotate your proxy keys regularly. If you believe your account has been compromised, contact us immediately at hello@llummo.com.

Third-Party Services

We work with the following third-party processors to operate the Service:

  • Stripe — payment processing and subscription management
  • Resend — transactional email delivery
  • PostHog — product analytics (pseudonymous)
  • Neon / Prisma Accelerate — managed PostgreSQL database hosting
  • Upstash — serverless Redis for rate limiting and caching

Each sub-processor is bound by a Data Processing Agreement and complies with applicable data protection laws. We do not share your data with third parties for marketing or advertising purposes.

Your LLM request payloads are forwarded directly to the provider you specify (OpenAI, Anthropic, etc.). Those requests are subject to the respective provider's privacy policy. We do not store the full content of your prompts or completions — only the metadata described in the “Usage data” section above.

Data Retention

We retain data for the following periods:

  • Account information — retained for the lifetime of your account and deleted within 30 days of account closure.
  • Usage logs — retained for 90 days on the Free plan, 12 months on Starter and Growth, and 24 months on Scale. You may request earlier deletion at any time.
  • Billing records — retained for 7 years to comply with financial regulations, even after account closure.
  • Analytics events — retained for 12 months in PostHog, then automatically purged.

Your Rights & Choices

Depending on your location, you may have the following rights under GDPR, CCPA, or other applicable law:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — request deletion of your account and associated personal data.
  • Portability — receive your usage data in a machine-readable format (JSON/CSV export available in the dashboard).
  • Restriction — ask us to restrict processing of your data in certain circumstances.
  • Objection — object to processing based on legitimate interests.

To exercise any of these rights, email hello@llummo.com with the subject “Privacy Request.” We will respond within 30 days.

Cookies & Tracking

We use a minimal number of cookies:

  • Session cookies — required for authentication. These expire when you close your browser.
  • PostHog analytics cookie — used to distinguish unique sessions and track feature usage. You can opt out via your browser's do-not-track setting.

We do not use advertising cookies, cross-site tracking, or third-party cookie networks.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of the page and, for material changes, send a notice to the email address on your account at least 14 days in advance.

Continued use of the Service after the effective date of a revised policy constitutes your acceptance of the changes.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact our privacy team at:

Studio:Unbound LLC

d/b/a Llummo

Registered in Montana, United States

llummo.com

hello@llummo.com