Privacy Policy

Orqen provides an API and dashboard for intelligent tool routing, model routing, usage analytics, billing, and account management. You can contact us about privacy at privacy@orqen.app or for support at support@orqen.app.

• Account data: name, email address, Supabase user ID, account tier, and account creation date.
• Authentication and security data: sessions, hashed Orqen API keys, key prefix, key name, rate limits, saved-token budgets, and last-used timestamps.
• Provider credentials: customer-supplied LLM provider credentials encrypted at rest and decrypted only when needed to proxy a request.
• Usage and routing metadata: request time, model, status code, latency, token counts, tool counts, routing mode, tools called, and privacy-preserving routing traces. We do not intentionally store raw prompts, raw responses, or provider request bodies in request logs.
• Billing data: Stripe customer ID, subscription ID, subscription tier, subscription status, billing period dates, and payment portal events. Payment card data is handled by Stripe, not stored by Orqen.
• Analytics data, only when allowed: PostHog page views, interaction events, referrer, browser, device, and approximate usage context.
• Diagnostics data: Sentry error and performance events, server logs, request URLs, browser or runtime context, stack traces, and related troubleshooting metadata. Browser diagnostics are controlled by your diagnostics consent choice and are not intentionally tagged with Orqen customer IDs.

• To create and secure accounts, authenticate users, issue API keys, prevent abuse, and provide customer support.
• To route requests to connected providers, estimate savings, enforce trial and key budgets, show usage history, improve routing quality, and operate billing.
• To understand product usage and improve Orqen when analytics consent is granted.
• To diagnose errors, maintain reliability, investigate security issues, and protect the service.
• To comply with legal obligations, enforce terms, and handle disputes or lawful requests.

For UK and EEA users, we process account, routing, provider, and billing data where needed to provide Orqen under our contract with you. We process security, abuse prevention, and service reliability data based on legitimate interests. We process optional product analytics and browser diagnostics based on consent, which you can withdraw at any time.

Essential storage is used for authentication, security, billing flows, and remembering privacy choices. Optional analytics and browser diagnostics are disabled by default until consent is granted. You can change your choices from the Cookie Policy page.

We share data only where needed to run Orqen or where legally required. Current service providers include:

• Supabase for authentication and database services.
• Stripe for checkout, subscriptions, invoices, customer portal, and payment processing.
• PostHog for consented product analytics and optional log/analytics ingestion.
• Sentry for diagnostics, error monitoring, performance monitoring, and operational logs.
• LLM providers selected or connected by you, when Orqen proxies requests on your behalf.

Request logs are retained for the configured retention period, currently 90 days by default, unless a shorter deletion requirement applies. Account records, API keys, provider credentials, billing pointers, routing preferences, and customer-specific routing statistics are kept while the account is active. Backups may retain deleted data until overwritten, but deleted data is put beyond active use. Stripe, PostHog, Sentry, and Supabase may retain limited records under their own legal, security, or operational obligations.

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or export personal data. You may also withdraw consent for optional analytics or browser diagnostics. Use the dashboard deletion control or contact privacy@orqen.app. We aim to respond to privacy rights requests within one month unless a lawful extension applies.

When you delete your account, Orqen permanently deletes the local customer record and associated API keys, provider keys, request logs, routing preferences, model stats, tool stats, and customer-specific dashboard data. Where configured, we also delete the matching Supabase Auth user, Stripe customer, and PostHog person/events tied to your Orqen customer ID. Browser diagnostics are minimised and not intentionally linked to your Orqen customer ID. Some records may be retained where required for legal obligations, security, fraud prevention, dispute handling, or backup overwrite schedules.

Orqen uses hashed API keys, encrypted provider credentials, access controls, HTTPS in production, retention controls, and monitoring. No online service can guarantee absolute security, but we design the system to minimise personal data and remove customer data cleanly when accounts are deleted.

We may update this policy as Orqen changes. Material changes will be reflected by updating the date above and, where appropriate, notifying account holders.