This Developer Privacy Policy describes how Clevora AI ("Clevora", "we", "us") collects, uses, and shares information when you sign up for and use the Clevora AI Developer Platform (the "Developer Platform"). It supplements the main Clevora Privacy Policy; where they differ, this policy controls for Developer Platform activity.
1. Information We Collect
1.1 Account & identity
When you sign in via Google OAuth, we receive your name, email address, profile picture, and Google account identifier. We use this information to authenticate you and to associate API keys and balance records with your account.
1.2 API request content
Requests you make to /v1/chat/completions, /v1/scripts/generate, /v1/embeddings, and /v1/search contain prompts, documents, queries, or other payloads you submit. We process this content to fulfill the request and may retain it for up to 30 days for abuse-detection, debugging, and security purposes. After that period, content is permanently deleted from request logs (aggregated, non-content metadata may be retained longer).
1.3 Usage metadata
For each request we record the endpoint, model, timestamp, latency, status code, token counts, request size, and the API key that made it. This metadata powers the usage dashboard, billing, and rate-limiting.
1.4 Billing
Top-ups are processed by Dodo Payments. We do not see or store full card numbers, CVV, or banking credentials. Dodo returns a transaction identifier, amount, brand/last-four, billing email, and status — which we store to reconcile your balance and to issue refunds.
1.5 Technical data
We log IP address, approximate geolocation, user-agent, and TLS metadata for security and abuse-prevention purposes. Cookies are used minimally — primarily to maintain the Firebase auth session for the dashboard.
2. How We Use Information
- Serve requests. Process API calls and return responses.
- Meter and bill. Track usage to deduct from your prepaid balance and produce dashboard analytics.
- Detect abuse. Identify scraping, denial-of-service patterns, or content that violates our acceptable-use policy.
- Debug. Investigate errors and improve reliability of the platform.
- Communicate. Send transactional emails (receipts, balance alerts, incident notifications) and — with consent — product updates.
- Comply with law. Meet legal obligations such as tax, audit, fraud prevention, and law-enforcement requests.
3. Model Training
Clevora does not train its base models on API request content. This applies to prompts, attached documents, completions, embeddings, and search queries submitted via the /v1 endpoints. Aggregated, de-identified statistics (e.g., average token counts, error-rate distributions) may be used to improve product quality and benchmark new model versions.
Some endpoints route through third-party model providers (e.g., upstream large language model APIs). Those providers process content under their own privacy commitments, which prohibit using API content for training by default.
4. End-User Data
When you send data about your own end-users to our API (for example, transcripts of conversations or user-submitted prompts), you act as the data controller and Clevora acts as a processor on your behalf. You are responsible for:
- Providing your end-users with a privacy notice that discloses your use of AI;
- Obtaining any consents required by applicable law;
- Honoring data-subject rights (access, deletion) that originate from your end-users — we will assist on request.
5. How We Share Information
We share information only in the following circumstances:
- Service providers. Cloud hosting (Google Cloud / Firebase), upstream AI model providers, email delivery, and Dodo Payments. These vendors process data only on our instructions under written agreements.
- Compliance. When required by subpoena, court order, or similar legal process. We will, where lawful, notify you before disclosure.
- Business transfers. If Clevora is acquired or merged, your information may transfer to the successor entity under the same protections.
We do not sell personal data.
6. Data Retention
- API request content: up to 30 days, then deleted.
- Usage metadata: 24 months for analytics and audit.
- Billing & transaction records: 7 years (or as required by applicable tax law).
- Account data: deleted within 30 days of account closure, subject to legal retention requirements.
7. International Transfers
Our service providers process data in jurisdictions outside your country (for example, the United States, the European Union, and the United Kingdom). Where required, we rely on Standard Contractual Clauses or equivalent legal mechanisms to safeguard cross-border transfers.
8. Security
We use industry-standard practices: TLS in transit, encryption at rest, scoped API keys, signed Firebase ID tokens for the dashboard, audit logs, and least-privilege access controls for internal staff. API keys are hashed in our database — we cannot recover a key once it has been generated. If a breach materially affects your account, we will notify you and the relevant authorities as required by law.
9. Your Rights
Depending on where you live, you have the right to access, correct, port, delete, or restrict processing of your personal data, and to object to certain processing. To exercise these rights, email dev-support@getclevora.xyz. We respond within 30 days.
10. Children's Privacy
The Developer Platform is intended for adult professionals and is not directed to children. We do not knowingly collect information from anyone under 18.
11. Changes to This Policy
We may update this policy. Material changes will be communicated via the dashboard and email at least 14 days before they take effect.
12. Contact
Reach our privacy team at dev-support@getclevora.xyz.