Realrouter privacy policy

How the Realrouter website, API, and mobile app handle user data.

Last updated May 21, 2026.

What we collect

Account information: the email address you use to sign in to the dashboard and the account records needed to manage API keys, balance, billing, and support.
API key information: hashed API key records, key labels, creation times, last-used metadata, and revocation state. We do not display full API keys after creation.
Usage metadata: model, token counts, timestamps, status, response IDs, file IDs, and credit debits needed to operate quotas, billing, abuse prevention, and support.
Prompts, responses, and attachments: content you submit through the API, website playground, or mobile app is processed to provide the requested response. Images and files may be uploaded to infrastructure we control and served through short-lived signed URLs.
Mobile app data: the iOS app stores your RealRouter API key in device secure storage and stores chat history on your device. Device chat history is not synced unless you send content to the API.

No location data, no device identifiers beyond what HTTPS itself carries, no contacts, no advertising identifiers.
The mobile app does not run any third-party analytics or tracking SDKs.
We do not sell personal information or use RealRouter app data for cross-app advertising tracking.

Requests are routed to OpenAI ChatGPT subscription accounts or the configured Claude Code route. The relevant upstream privacy practices apply to processing.
Payment processing, when available, is handled by Stripe. RealRouter does not store full card numbers.
App hosting, databases, object storage, and email delivery may be provided by infrastructure vendors we use to operate the service.

Camera access is used only when you choose to take a photo attachment for a chat.
Photo library access is used only when you attach selected images, preview recent photos for attachment, or save a generated image.
The iOS app does not request microphone, location, contacts, calendar, or advertising tracking permissions.

To provide API and chat responses, file processing, image handling, account access, billing, support, security, abuse prevention, and service reliability.
To calculate usage and credit balances and to investigate failed or disputed requests.
To comply with applicable law, developer platform requirements, and security obligations.

Account records persist for as long as your account is active or as needed for billing, security, and legal records.
Usage event rows are retained for 90 days for billing reconciliation, then purged.
Image blobs expire automatically; signed URLs are short-lived and the underlying object is GCed on schedule.
Mobile chat history stays on your device until you delete conversations or uninstall the app.

You can request account export, correction, or deletion by emailing the contact below from the email address associated with your account.
You can rotate API keys from the dashboard; old keys are revoked immediately.
You can remove the API key from the mobile app in Settings and delete local chat conversations from the app.