Privacy Policy
Last updated: July 1, 2026
Overview
FlexInference ("we", "us", "our") is a deadline-aware LLM inference router built on Cloudflare Workers. We route requests to OpenAI, Gemini, and Anthropic on your behalf, using your own API key for each provider (a model we call "bring your own key," or BYOK). Depending on how you configure a request, we either race a cheaper "flex" tier against a "default" fallback within a deadline you set (a "start_within" field), or send the request directly through a specific "default", "priority", or "auto" tier.
This Privacy Policy explains what personal information we collect when you use the FlexInference marketing site, dashboard, API, and SDKs, why we collect it, how we use and share it, and the choices you have. It applies to visitors to our website, developers and organizations who sign up for an account, and anyone who contacts us for support.
This policy does not cover the content of the prompts and completions that pass through FlexInference on their way to the AI provider you have chosen. As explained below, we do not store or log that content ourselves, and it remains subject to the privacy policy of the provider you connect.
This policy is effective as of July 1, 2026.
Information We Collect
We collect the following categories of information:
Account information. Signup and login are handled by WorkOS AuthKit. WorkOS collects your email address, name, and organization membership, and issues a session cookie that keeps you logged in. FlexInference's own code never handles or sees your password directly; that is managed entirely by WorkOS.
FlexInference API keys. When you create an API key to authenticate your own requests to FlexInference, we store only a SHA-256 hash of that key, keyed to your organization id, in Cloudflare Workers KV. The plaintext key is shown to you once, at the moment you create it, and is never stored or retrievable by us again. If you lose it, you will need to create a new one.
BYOK provider keys. The OpenAI, Gemini, or Anthropic API keys you connect to FlexInference are encrypted at rest with AES-256-GCM and stored in Cloudflare Workers KV, scoped to your organization. The master key used to encrypt and decrypt them is held separately, as a Worker secret in Cloudflare Secrets Store, and never leaves the edge. Your provider keys are decrypted only at the edge, at the moment we make a proxied request on your behalf, and are not stored anywhere in decrypted form.
Prompts and completions. We do not store or log the content of your prompts or completions. FlexInference is a network intermediary that forwards your request to the AI provider you selected, using your own key; we persist no content of our own. That content is subject to the privacy policy of the provider you chose, not this one.
Usage and billing metadata. When a request completes, we record metadata about it: the model name, which tier served the request (flex, default, priority, or auto), input, output, and cached token counts, a response id, your organization id, and a timestamp. This is stored in a Cloudflare D1 usage table, which powers the logs, analytics, and billing views in your dashboard. We also durably archive one structured log record per request - endpoint, model, tier, status, latency, and timestamp - in a Cloudflare R2 bucket. This metadata never includes the content of any prompt or response.
Error monitoring data. We use Sentry to catch and diagnose errors. Sentry is configured with sendDefaultPii set to false, so it does not attach headers, cookies, or request bodies to error reports. We also run a custom scrubber that redacts known FlexInference and provider API key patterns (including OpenAI, Anthropic, and Gemini formats) before an error report is sent, in case one would otherwise appear in an error message.
Product analytics and session replay. We use PostHog for product analytics, including session replay, to understand how people use our site and dashboard. On the public marketing site, replay captures page content as it appears. On the authenticated dashboard, where your API keys, provider keys, billing information, and logs are visible, all text and input fields are masked in replay recordings, so no sensitive content is ever captured there.
Cookies. WorkOS sets a session and authentication cookie so you can stay logged in. PostHog sets analytics cookies and local identifiers to associate activity with a session or user.
How We Use Information
We use the information described above to:
- Authenticate you and maintain your session
- Route, race, and proxy your inference requests according to the tier and deadline you configure
- Populate your dashboard with usage logs, analytics, and billing views
- Detect, diagnose, and fix errors and reliability issues
- Understand aggregate product usage so we can improve FlexInference
- Communicate with you about your account, changes to the service, or support requests
- Protect the security of our systems and prevent abuse
We do not use the content of your prompts or completions for any purpose, because we do not collect or retain it in the first place.
How We Share Information
We do not sell your personal information. We share information only with the service providers (subprocessors) who help us run FlexInference, and with the AI provider you choose to connect. These include:
- WorkOS - handles account signup, login, and session management
- Cloudflare (Workers, Workers KV, D1, R2, Secrets Store, and Analytics Engine) - our hosting and infrastructure provider: Workers KV stores API key hashes and encrypted provider keys, D1 stores usage and billing metadata, R2 durably archives per-request logs, Secrets Store holds the master BYOK encryption key, and Analytics Engine holds aggregate performance metrics
- Sentry - error monitoring, configured to exclude headers, cookies, and request bodies
- PostHog - product analytics and session replay
- Your chosen AI provider (OpenAI, Gemini, or Anthropic) - when you use BYOK, we forward your request, using your own key, directly to the provider you selected, so that provider receives and processes your prompt and completion content under its own privacy policy
We may also share information if required by law, to enforce our terms, or to protect the rights, property, or safety of FlexInference, our customers, or others.
Data Retention
We keep information for as long as it is needed for the purposes described in this policy:
- Account information is retained while your account is active and is deleted or anonymized within a reasonable period after you close your account or ask us to delete it.
- API key hashes are retained until you revoke or delete the corresponding key.
- Encrypted BYOK provider keys are retained until you remove them from your organization or close your account.
- Usage and billing metadata is retained to support your dashboard history, analytics, and billing records, including for legitimate accounting purposes.
- We never store prompt or completion content in the first place, so there is nothing of that kind for us to retain or delete.
- Error monitoring and analytics data is retained by Sentry and PostHog for the periods needed to diagnose issues and understand product usage, consistent with this policy.
If you would like us to delete your account information sooner, contact us at [email protected].
Security
We build FlexInference with the assumption that API keys and credentials are sensitive by default:
- BYOK provider keys are encrypted at rest with AES-256-GCM and stored in Cloudflare Workers KV, scoped per organization, and decrypted only transiently at the edge to make a proxied request. The master key used to encrypt and decrypt them is held separately, as a Worker secret in Cloudflare Secrets Store.
- FlexInference API keys are never stored in plaintext; we keep only a SHA-256 hash, and the plaintext is shown to you once, at creation.
- Our internal design principle is to never log keys or prompts, and our error monitoring includes a custom scrubber that redacts known FlexInference and provider API key patterns that might otherwise leak into an error message.
- Session authentication is handled by WorkOS, and error monitoring through Sentry is configured to exclude headers, cookies, and request bodies.
No system can guarantee perfect security, but these practices are designed to keep your credentials and account data protected in the ordinary course of using the service.
Your Rights and Choices
You can contact us at [email protected] to:
- Access the personal information we hold about you
- Correct inaccurate account information
- Delete your account and associated data
- Ask questions about how your information is used
Depending on where you live, you may have specific rights under laws such as the EU/UK General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA). We honor requests to access, correct, or delete personal information, and other applicable rights, on request, regardless of which law technically applies to you.
If you would like to opt out of product analytics, contact us and we will exclude your account from tracking, or use your browser's cookie and tracking controls to block analytics cookies. Note that on the dashboard, session replay already masks all text and input fields, so no sensitive content such as API keys, provider keys, or billing details is ever captured in a replay recording regardless of your analytics settings.
Children's Privacy
FlexInference is a developer tool and is not directed at, or intended for use by, children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have done so, we will delete it.
International Data Transfers
FlexInference runs on Cloudflare's global network, and the subprocessors listed above operate infrastructure in multiple countries, including the United States. This means your information may be processed or stored outside the country where you are located. Where required, we take steps to ensure that any international transfer of personal information is subject to appropriate safeguards.
Changes to This Policy
We may update this Privacy Policy from time to time as FlexInference evolves. If we make material changes, we will update the effective date below and, where appropriate, notify you through the dashboard or by email. We encourage you to review this page periodically.
This policy was last updated on July 1, 2026.
Contact Us
If you have questions about this Privacy Policy, want to exercise any of the rights described above, or need help with anything else, contact us at [email protected].