O
OpusLive

Privacy Policy

Last updated: March 17, 2026

1. Overview

OpusLive ("the Service", "we", "us", "our") is an API gateway that provides managed access to AI language models. This Privacy Policy explains what data we collect, what we do not collect, and how we handle information that passes through our Service.

The short version: We do not store your prompts, messages, or AI responses. We only track minimal usage metadata to enforce limits and provide usage dashboards.

2. What We Do NOT Collect

We want to be explicit about what we do not store or log:

  • Prompt contentThe text of your messages, instructions, and system prompts is never stored. It passes through our servers in transit and is immediately discarded after forwarding.
  • AI responsesModel outputs (text, code, analysis) are streamed through to you and not retained.
  • Images and filesAny images, documents, or files included in your API requests are forwarded to the upstream model and not stored by us.
  • Conversation historyWe do not maintain any record of your conversations or message threads.
  • Personal informationWe do not collect names, email addresses, IP addresses, browser fingerprints, or any other personally identifiable information from API users.
  • Cookies or trackingThe API does not set cookies or use any tracking mechanisms. The website uses no analytics or third-party tracking scripts.

3. What We DO Collect

We store the minimum metadata required to enforce usage limits and provide usage dashboards:

  • Token countsThe number of input and output tokens per request. Used to enforce per-key token budgets.
  • TimestampsWhen each request was made. Used for rolling window calculations and usage history.
  • Model nameWhich model was requested (e.g., "claude-sonnet-4-6"). No actual model output is stored.
  • HTTP status codeWhether the request succeeded (200) or failed (400, 500, etc.).
  • Response latencyHow long the upstream model took to respond, in milliseconds.
  • API key identifierWhich key made the request, for per-key usage tracking.

This metadata is strictly operational. It cannot be used to reconstruct your conversations.

4. How Data Flows Through the Service

When you make an API request:

1

Your request arrives at our API gateway over HTTPS (encrypted in transit).

2

We validate your API key and check usage limits.

3

The request is forwarded to the upstream AI model provider over HTTPS.

4

The response is streamed back to you in real-time.

5

We record only the metadata listed in Section 3.

6

The request and response content is discarded — it exists only in memory during transit.

At no point is your request or response content written to disk, logged to a file, or stored in a database.

5. API Key Data

API keys are stored in our database to authenticate requests. Each key has associated configuration (name, rate limits, token budgets, expiration date) set by your administrator. We store a prefix of each key for display purposes (e.g., "sk-ant-...") and the full key in hashed form for authentication. Key usage metadata (total tokens used, window usage, last used timestamp) is updated with each request.

6. Data Retention

Request/response contentNot retained. Zero retention period.
Usage metadataRetained until the API key is deleted by an administrator.
API key recordsRetained until deleted by an administrator.

7. Third-Party Services

Your API requests are forwarded to upstream AI model providers to generate responses. These providers have their own privacy policies and data handling practices. We do not control how upstream providers handle your data once it leaves our servers. We recommend reviewing the privacy policies of the model providers whose services you use through OpusLive.

8. Security

  • All communication with the Service is encrypted using HTTPS/TLS.
  • API keys are validated on every request.
  • Rate limiting and token budgets protect against abuse.
  • No request or response content is written to persistent storage.
  • Database access is restricted and credentials are securely managed.

9. Children's Privacy

The Service is not directed at children under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has used the Service, please contact your administrator.

10. Your Rights

Since we collect minimal data and no personal information from API users:

  • Access — View your usage data through the Check Usage page at any time using your API key.
  • Deletion — Contact your administrator to delete your API key and all associated usage data.
  • Portability — Usage data visible on the Check Usage page represents all data we hold about your key.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes take effect when posted on this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or how we handle data, please contact your administrator or the OpusLive team through the appropriate support channels.