Privacy Policy

1. Who We Are

The Dechained platform is operated by Dechained LLC, a Delaware limited liability company ("Dechained", "we", "us", "our"), the controller responsible for your personal data. Dechained is a gateway that gives agents a single endpoint for accessing AI model providers. If you have questions about this policy, contact us at privacy@dechained.ai.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address and your name. We use your email for sign-in via magic link and for transactional messages related to your account.

2.2 Payment Information

Payment is processed by Stripe. We do not store your full card number; we receive only the limited billing information Stripe shares back so we can identify and manage your subscription. See Stripe's Privacy Policy for how they handle your payment data.

2.3 Provider Credentials (BYOK)

Dechained is a Bring Your Own Key (BYOK) service. Provider API keys you supply (for example, keys for Anthropic, OpenAI, Google, xAI, Moonshot AI, or DeepSeek) are stored encrypted and are used solely to authenticate requests to the provider on your behalf. We do not display the full key back to you after it has been saved, and we do not share these keys with any third party.

2.4 Routing and Usage Metadata

When your agent makes a request through Dechained, we record metadata required to operate the service and produce your usage analytics, including the agent profile and route used, the provider and model selected, request and response token counts, latency, and HTTP status. For gateway traffic, we do not log, store, or train on the contents of your prompts, inputs, tool calls, or model outputs — see Section 5 (Zero Data Retention). Conversations in our built-in chat are handled separately; see Section 2.7.

2.5 Automatically Collected Data

When you use our service, we automatically collect:

• IP address
• Approximate geolocation (country, region)
• Browser and client user agent string
• Timestamps of login events and gateway requests

This information is used for security (rate limiting, fraud and abuse prevention), session management, and operating the service reliably.

2.6 Consent Records

When you sign up, we record timestamps of your acceptance of our Terms of Service and Privacy Policy, and your acknowledgment that this is an experimental service.

2.7 Built-in Chat

If you use our built-in chat, we store your conversations, the messages you send and the model responses you receive, so you can return to them later. We do not use built-in chat content to train any model. Conversations are stored encrypted at rest and in transit, and are retained until you delete them (see Section 8).

3. How We Use Your Information

We use your information to:

• Authenticate you via magic-link sign-in and manage your sessions
• Forward requests from your agents to the AI providers you select
• Display usage analytics, costs, and issue reports to you
• Process payments and manage your subscription
• Send transactional emails (sign-in links, billing notices)
• Enforce rate limits and detect abuse
• Maintain audit logs for security purposes

We do not use your information for advertising, profiling, or automated decision-making unrelated to operating the gateway.

4. Legal Bases for Processing (EEA / UK Users)

If you are located in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR (and UK GDPR) to process your personal data:

• Performance of a contract — to create and operate your account, authenticate you, route gateway traffic, store your provider credentials, and process payments
• Legitimate interests — to detect and prevent abuse, secure the Service, generate usage analytics for you, and maintain audit logs; we balance these interests against your rights and freedoms
• Consent — where we ask for it explicitly; you may withdraw consent at any time without affecting prior processing
• Legal obligation — to comply with tax, accounting, and other legal requirements that apply to us

5. Zero Data Retention

Dechained operates on a Zero Data Retention (ZDR) basis for the content of your gateway traffic. We do not log, store, or train on the prompts, inputs, tool calls, files, or model outputs that pass through our gateway; we retain only the routing and usage metadata described in Section 2.4.

ZDR does not apply to our built-in chat, an optional feature. Conversations there are stored so you can resume them, as described in Section 2.7, though we still never use them to train a model.

Once a request leaves our infrastructure for a model provider, that provider's privacy and retention policy applies to the data you send. You are responsible for selecting providers and provider-side settings that match your privacy requirements.

6. Third-Party Service Providers

We share data with the following categories of service providers, solely as necessary to operate the platform:

• AI providers — your prompts, tool calls, and other request payloads are forwarded to the provider you select, authenticated with your BYOK credentials
• Payment processing — Stripe processes payments and stores billing information
• Email delivery — transactional emails are sent through our email delivery provider
• Infrastructure — Dechained runs on cloud infrastructure providers for compute, edge networking, and storage

We do not sell, rent, or share your personal information with third parties for their own marketing purposes.

7. Data Storage and Security

Account data and usage metadata are stored with our infrastructure providers. Provider API keys are stored encrypted at rest and decrypted only in memory at the moment a request is forwarded. We use TLS for all data in transit, scoped session tokens, and rate limiting on sensitive endpoints.

If we become aware of a security incident that affects your personal data, we will notify you and any applicable regulators as required by law.

8. Data Retention

We retain your account data for as long as your account is active. Usage metadata is retained for as long as it is needed for billing, analytics, and abuse prevention. Sessions and magic-link tokens expire automatically. Built-in chat conversations are retained until you delete them or delete your account.

If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal, tax, or compliance reasons.

9. International Data Transfers

Dechained runs on a global network. Your data may be processed in any country where our infrastructure providers operate. By using the service, you consent to this transfer.

10. Cookies

We use strictly necessary cookies to keep you signed in and to provide security protections.

11. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your personal data
• Portability — request a machine-readable export of your data
• Objection — object to certain processing of your data
• Restriction — request that we limit processing of your data

To exercise any of these rights, contact us at privacy@dechained.ai.

EEA and UK users may also lodge a complaint with their local data protection supervisory authority. We do not make automated decisions that produce legal or similarly significant effects on you within the meaning of GDPR Article 22.

12. California and US State Privacy Rights

The categories of personal information we collect, our sources, and our purposes are described in Section 2 ("Information We Collect") and Section 3 ("How We Use Your Information"). The categories of recipients we share with are described in Section 6 ("Third-Party Service Providers").

In the preceding twelve months, we have not sold your personal information and we have not shared it for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act (CCPA), as amended by the CPRA. We do not knowingly collect sensitive personal information as defined by the CCPA.

In addition to the rights listed in Section 11, California residents have the right to:

• know what personal information we collect, use, and disclose
• request deletion of personal information we hold about you
• correct inaccurate personal information
• opt out of any future sale or sharing of personal information (we do not currently engage in either)
• limit the use of sensitive personal information (we do not knowingly collect any)
• not be discriminated against for exercising any of these rights

To exercise any of these rights, contact us at privacy@dechained.ai.

Residents of other US states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and Montana) have similar rights.

13. Children's Privacy

Our service is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us and we will delete it.

14. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the service prior to the change becoming effective. Continued use of the service after changes constitutes acceptance of the updated policy. The "Last updated" date at the top of this page indicates when the policy was last revised.

15. Contact

Questions about this policy or how we handle your data? Email us at privacy@dechained.ai. See also our Terms of Service.