This Privacy Policy explains how KodaAPI collects, uses, and protects information about you when you use our platform. We take your privacy seriously and are committed to handling your data responsibly.
KodaAPI ("we," "us," or "our") operates the KodaAPI platform — an AI API gateway accessible at kodaapi.com — including the API, dashboard, and all related services (collectively, the "Service").
This Privacy Policy describes the types of information we collect, how we use it, and the choices you have regarding your information. It applies to all users of the Service, including API users, dashboard users, and visitors to our website.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.
We collect information in several ways:
Information you provide directly:
Information collected automatically:
Information we do not collect:
We use the information we collect for the following purposes:
| Purpose | Data used |
|---|---|
| Provide and operate the Service | Account info, API keys, request metadata |
| Calculate and deduct billing (points) | Token counts, model, points balance |
| Display your usage statistics in the dashboard | Request metadata, token counts, timestamps |
| Authenticate your identity and secure your account | Email, hashed password, JWT tokens |
| Detect and prevent abuse, fraud, and security incidents | IP address, request patterns, API key activity |
| Respond to support requests and communicate with you | Email address, support messages |
| Improve and monitor the reliability of the Service | Server logs, error rates, latency data |
| Comply with legal obligations | Any data required by applicable law |
We do not use your data for advertising, sell it to data brokers, or use it to build user profiles for marketing purposes.
When you make an API request through KodaAPI, your prompt and any conversation history are transmitted to the relevant upstream AI model provider (e.g., Anthropic, Google, Meta) in order to generate a response. This transmission is necessary to provide the Service.
Key points regarding API request data:
We do not sell your personal information. We share data only in the following limited circumstances:
We retain different types of data for different periods:
You may request earlier deletion of your data by contacting us at hello@kodaapi.com.
We implement industry-standard technical and organizational measures to protect your information, including:
No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify you as required by applicable law.
KodaAPI uses a minimal approach to cookies and tracking:
localStorage to store your session token after login. This is not a cookie and is not transmitted to our servers automatically — it is used only when you make authenticated requests from the dashboard.If we introduce cookies in the future, we will update this policy and, where required by law, obtain your consent.
The Service integrates with or routes requests to third-party AI providers. When you use KodaAPI to access a model, your request is transmitted to the relevant provider. These providers have their own privacy policies which govern their handling of your data:
We are not responsible for the privacy practices of these third-party providers. We recommend reviewing their policies before transmitting sensitive or personal data through the Service.
If you sign in using Google SSO, your authentication is handled by Google's OAuth service. We receive only your email address and name from Google; we do not receive your Google password or payment information.
Depending on your jurisdiction, you may have the following rights with respect to your personal information:
To exercise any of these rights, please contact us at hello@kodaapi.com. We will respond to verified requests within 30 days. We may need to verify your identity before processing your request.
You also have the right to lodge a complaint with your local data protection authority if you believe we have processed your data in violation of applicable law.
The Service is not directed to children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at hello@kodaapi.com and we will take steps to delete the information promptly.
KodaAPI operates globally. Your information may be processed and stored on servers located outside your country of residence. When we transfer data internationally, we take steps to ensure that your information receives an adequate level of protection in accordance with this Privacy Policy and applicable law.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, please be aware that your data may be transferred to countries that do not have the same data protection laws as your jurisdiction. We rely on appropriate safeguards (such as standard contractual clauses) for such transfers.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. For significant changes that affect your rights, we will notify you by email (at the address associated with your account) or by posting a prominent notice in the dashboard.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We aim to respond to all privacy-related inquiries within 5 business days.