Legal

Privacy Policy

How RodiumAI collects, uses, and protects your personal data.

Effective date: June 7, 2026·Last updated: June 7, 2026

1. Who We Are

RodiumAI ("we", "us", "our") operates an AI infrastructure platform at https://rodiumai.io. We are an early-stage startup in market validation and are not yet registered as a legal entity. We are committed to handling your personal data responsibly.

Privacy inquiries: legal@rodiumai.io

2. Data We Collect

2.1 Account registration

When you create an account we collect: full name, email address, country of residence, and password (stored only as a cryptographic hash — never in plaintext). Optional: phone number and profile details you choose to provide.

2.1.1 Sign in with Google or GitHub — When you choose social sign-in we receive from the identity provider (via Google Firebase Authentication): email address, display name, provider user identifier, and profile photo URL if available. We use this solely to authenticate your account without a RodiumAI password. Google (policies.google.com/privacy) and GitHub (docs.github.com/en/site-policy/privacy-policies/github-privacy-statement) process your sign-in under their own policies.

2.2 Billing and payments

When you purchase RODI credits we collect transaction amounts, timestamps, country and local currency, payment method type, and operator or gateway reference numbers where applicable. We do not store full card numbers; regulated payment processors handle sensitive payment credentials.

2.2.1 Automated recharge (Mobile Money checkout). When you pay through our integrated checkout, you complete payment on your operator's Mobile Money flow. We receive confirmation metadata (amount, status, gateway reference) after payment. Your operator processes wallet credentials on its own systems.

2.2.2 Manual recharge (where offered) — If you transfer funds to a displayed account and submit proof, we collect: sender name as shown on your mobile wallet, external transaction ID from your operator, and a screenshot or image of your payment proof. Proof images may show additional personal data visible on your phone screen (balances, phone numbers, third-party names). Authorized RodiumAI staff review proofs solely to validate or reject the recharge.

2.2.3 Promotional programs — When you redeem a promo code we store the code entered and credit applied. For referrals we store the referral code used and the link between referrer and referee accounts. These programs do not involve your API prompt content.

2.3 Usage and analytics

  • API request metadata (timestamps, model slug, token counts, latency, RODI cost).
  • RODI credit consumption per request.
  • API key activity logs (key identifier, not the secret).
  • Browser type, device type, and IP address for security and fraud prevention.
  • Session data and cookies (see section 7).

We do not collect government ID numbers, biometrics, or sensitive categories (health, religion, political opinions) unless you voluntarily include them in support messages.

3. How We Use Your Data

  • Account management and authentication.
  • Delivering the Services: API routing, RODI billing, usage dashboards.
  • Transactional email (verification, team invites, recharge submitted/approved/rejected, low RODI balance, promo and referral credits credited).
  • Security, fraud prevention, and abuse detection.
  • Product analytics and platform improvement.
  • Legal compliance where required.

We do not sell, rent, or trade your personal data to third parties for their marketing.

5. Data Sharing and Third Parties

5.1 Model routing (OpenRouter, Azure, and direct upstreams)

Requests to https://api.rodiumai.io/v1 are routed to the cheapest healthy upstream for your selected catalogue model. Depending on the model, execution may go through OpenRouter (openrouter.ai/privacy), a direct API integration (Anthropic, OpenAI, Google, DeepSeek, MiniMax, Groq), or Microsoft Azure AI Foundry (azure.microsoft.com/products/ai-foundry) for hosted deployments. Your prompts and inputs are transmitted only to the upstream that runs the call; RodiumAI does not retain that content. Each upstream and underlying model vendor processes data under its own privacy policy.

5.2 Underlying model providers

Depending on the model you select, your data may be processed by the original provider or aggregator, including:

  • OpenRouter — openrouter.ai/privacy
  • OpenAI — openai.com/policies/privacy-policy
  • Anthropic — anthropic.com/privacy
  • Google — policies.google.com/privacy
  • DeepSeek — deepseek.com/privacy
  • MiniMax — minimax.io/privacy-policy
  • Microsoft (Azure AI Foundry) — privacy.microsoft.com/privacystatement
  • Mistral AI — mistral.ai/privacy
  • Meta — www.facebook.com/privacy/policy
  • xAI — x.ai/legal/privacy
  • Groq — groq.com/privacy

Our catalogue includes models from the families above and evolves over time. Some models (e.g. Meta Llama, Mistral, xAI Grok) may execute via Azure, OpenRouter, or another configured upstream. Review each vendor's policy before sending confidential data.

5.3 Payment processors and billing infrastructure

  • Authorized Mobile Money payment processors. Mobile Money collection and checkout under their own privacy policies.
  • Mobile Money operators (e.g. MTN, Orange, Wave, Airtel — depending on your selection) — process wallet transactions under their own terms.
  • Cloudinary (cloudinary.com/privacy) — hosts payment proof images you upload for manual recharges and, where you choose, profile avatars.
  • Authorized RodiumAI personnel — limited access to manual payment proofs and transaction records for validation, support, and fraud prevention.

5.4 Infrastructure, hosting, and transactional email

Transactional email is delivered primarily through Resend (resend.com/legal/privacy-policy). We may also use Amazon Simple Email Service — SES (aws.amazon.com/privacy) and/or a RodiumAI-operated SMTP relay (themailserver.rodiumai.io) when the primary provider is unavailable. Content is limited to account and billing notifications (verification codes, recharge status, low balance, team invites) — never your API prompt content.

  • Railway (railway.app) — application hosting, managed PostgreSQL, and Redis.
  • Cloudinary (cloudinary.com/privacy) — images and files (avatars, insight covers, payment proofs, marketing assets).
  • Amazon Web Services (aws.amazon.com/privacy) — S3 object storage when enabled; SES for transactional email when enabled.
  • Google Firebase (firebase.google.com/support/privacy) — Google/GitHub sign-in; optional Firebase Analytics / Google Analytics on the user site.
  • exchangerate.host — foreign-exchange rates used to quote local-currency RODI prices (no API prompt content).

5.5 Legal disclosure

We may disclose personal data when required by law, court order, or governmental authority, or when necessary to protect rights, prevent fraud, or protect user safety.

6. Data Retention

  • Account data: while your account is active, plus a reasonable period after closure.
  • Transaction records: at least five (5) years for financial compliance.
  • Manual payment proof images: retained for the same period as transaction records, or until a related dispute is closed, then deleted or anonymized where feasible.
  • Pending manual recharge metadata: until the transaction is approved, rejected, or otherwise finalized.
  • Usage metadata (no prompt content): up to twelve (12) months.
  • Support communications: up to two (2) years.

When no longer needed, we delete or anonymize data securely.

7. Cookies and Tracking

We use cookies and similar technologies to maintain sessions, prevent fraud, and measure platform performance. When enabled, Firebase Analytics / Google Analytics (Google) collects aggregate usage on the user application. Disabling some cookies may limit functionality. We do not use cookies for third-party advertising or cross-site tracking outside our platform.

8. Data Security

  • Password hashing with industry-standard algorithms.
  • HTTPS/TLS for data in transit.
  • API key encryption and access controls.
  • Role-based access for internal operations.
  • Audit logging of administrative actions.

No system is perfectly secure; we cannot guarantee absolute protection.

9. Your Rights

Depending on your jurisdiction you may have rights to access, rectify, erase, restrict, port, or object to processing of your personal data.

Contact legal@rodiumai.io to exercise these rights. We typically respond within 30 days.

10. Children's Privacy

The Services are not for anyone under 18. If you believe we collected a minor's data, contact legal@rodiumai.io and we will delete it promptly.

11. Changes to This Policy

We may update this Policy. Material changes will be notified by email at least fourteen (14) days before they take effect. The effective date at the top reflects the latest version.

12. Contact Us

  • Email: legal@rodiumai.io
  • Website: https://rodiumai.io