Privacy Policy
1. Data Controller
The controller of your personal data is:
IT Kings, s.r.o.
Hlavna 561, 951 78 Kolinany
Slovak Republic
ICO: 45528110
DIC: 2023032330
IC DPH: SK2023032330
Email: privacy@aispendguard.com
We process personal data in accordance with Regulation (EU) 2016/679 (the “GDPR”) and Act No. 18/2018 Coll. on the Protection of Personal Data of the Slovak Republic.
2. Our Core Privacy Principle
AISpendGuard is a tags-only platform. We never store prompts, completions, model outputs, or end-user content.
The usage events you send to our ingest API contain only metadata: provider name, model identifier, token counts, latency, cost, and your custom tags (e.g., feature, route, task_type). Our ingest pipeline actively rejects any payload containing forbidden keys such as prompt, completion, output, content, or message.
3. What Data We Collect
3.1 Account Data
When you create an account via Clerk, we receive and process:
- Email address
- Display name
- Profile photo (if provided via social login)
- Clerk user ID (internal identifier)
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) — necessary to provide your account and the Service.
3.2 Workspace & Membership Data
- Workspace name, external identifier
- Membership role (Owner, Admin, Member, Viewer)
- API key hashes (SHA-256; raw keys are never stored)
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).
3.3 Usage Event Data (Tags Only)
Each event sent to POST /api/ingest contains:
| Field | Type | Example |
|---|---|---|
| provider | string | openai, anthropic, google |
| model | string | gpt-4o-mini |
| input_tokens | integer | 1200 |
| output_tokens | integer | 150 |
| latency_ms | integer | 840 |
| cost_usd | float (optional) | 0.0045 |
| timestamp | ISO-8601 | 2026-03-06T12:30:45Z |
| tags | key-value object | task_type, feature, route |
Tags may include customer_plan or customer_id (an opaque internal identifier — never email or PII). Maximum 24 tags per event, 120 characters per value.
Forbidden fields (rejected at ingest): prompt, completion, output, content, message, attachment, and all their variants.
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).
3.4 Billing Data
When you subscribe to a paid plan, Stripe collects your payment details directly. We store only:
- Stripe Customer ID
- Stripe Subscription ID
- Plan tier (Free or Pro)
- Subscription status (active, past_due, canceled)
We never receive or store your full credit card number, bank account, or other payment instrument details. These are handled entirely by Stripe, which acts as an independent controller under its own privacy policy.
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).
3.5 Email Communications
We may send you transactional emails for:
- Budget threshold alerts (when your AI spend reaches 75% or 90% of your configured budget)
- Workspace member invitations
- Service notifications (material changes to Terms or Privacy Policy)
These emails are sent via Resend, which processes your email address solely to deliver the message. Email delivery logs are retained by Resend for 30 days, after which they are automatically deleted.
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) for alerts and invitations; legitimate interest (Art. 6(1)(f) GDPR) for service notifications.
We do not send marketing emails. If we introduce marketing communications in the future, we will obtain your explicit opt-in consent and provide an unsubscribe mechanism in every message.
3.6 Aggregated & Derived Data
- Daily Rollups: Aggregated summaries of usage events grouped by date, provider, feature, route, task type, and customer plan. No per-event detail.
- Monthly Event Count: Atomic counter per workspace per month for limit enforcement.
- Waste Findings: Computed on demand from a 30-day rolling window of rollups. Not stored permanently.
- Model Prices: Public pricing data from the LiteLLM community dataset, refreshed daily. Contains no personal data.
3.7 Technical & Log Data
Our hosting provider (Vercel) may collect:
- IP address
- Browser user agent
- Request timestamps and URLs
- Performance metrics
This data is processed by Vercel under its own privacy policy and is used for service operation and security.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — ensuring security and availability of the Service.
3.8 Product Analytics (PostHog)
We use PostHog (EU Cloud) to understand how visitors and users interact with the Service — for example, which pages are visited, which features are used, and where users encounter difficulties.
PostHog collects:
- Page views and page leave events
- Click interactions (autocapture)
- Browser type, viewport size, and operating system
- Referrer URL
PostHog does not set cookies or use localStorage. We use in-memory persistence only, so no data persists across page reloads for anonymous visitors. Only signed-in users who are explicitly identified receive a person profile.
Analytics data is hosted on PostHog’s EU Cloud infrastructure and proxied through our domain (ph.aispendguard.com). No analytics data is sent to third-party tracking domains.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — understanding product usage to improve the Service.
4. Cookies
We use only strictly necessary cookies:
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| asg_workspace_id | Stores your currently active workspace selection | Session | First-party, strictly necessary |
| __clerk_* | Authentication session management (set by Clerk) | Session / persistent | First-party, strictly necessary |
We do not use marketing or preference cookies. Our product analytics (PostHog) uses in-memory persistence only and does not set any cookies or use localStorage. No consent banner is required as all cookies are strictly necessary for the functioning of the Service (Art. 5(3) ePrivacy Directive).
5. Sub-Processors & Third Parties
We use the following third-party services that may process personal data on our behalf:
| Service | Purpose | Data Processed | Location |
|---|---|---|---|
| Clerk | Authentication & user management | Email, name, profile photo, session data | USA (EU SCCs in place) |
| Neon (PostgreSQL) | Database hosting | All workspace, event, and account data | EU (Frankfurt region) |
| Vercel | Application hosting & serverless functions | IP addresses, request metadata, server logs | USA/EU (EU SCCs in place) |
| Stripe | Payment processing | Billing details, payment method (independent controller) | USA (EU SCCs in place) |
| Resend | Transactional email delivery | Recipient email address, email content | USA (EU SCCs in place) |
| Cloudflare | DNS management, inbound email routing | DNS queries, sender/recipient email addresses, email metadata | USA / EU (EU SCCs in place) |
| PostHog | Product analytics (cookieless) | Page views, click events, browser type, viewport (no cookies) | EU (EU Cloud) |
For services based in the USA, data transfers are safeguarded under Standard Contractual Clauses (SCCs) as approved by the European Commission, and where applicable, the EU-U.S. Data Privacy Framework.
6. Data Retention
| Data Category | Retention Period | Basis |
|---|---|---|
| Account data | Until account deletion + 30 days | Contract performance |
| Usage events & daily rollups | 12 months from ingestion date | Contract performance, billing audit |
| Monthly event counts | Rolling 3 months | Limit enforcement |
| Billing records (Stripe IDs, plan history) | 10 years from transaction date | Legal obligation (Slovak tax law) |
| Transactional email logs (Resend) | 30 days | Legitimate interest (delivery assurance) |
| Server logs (Vercel) | 30 days | Legitimate interest (security) |
After the retention period, data is permanently deleted or irreversibly anonymised.
7. Data Security
We implement appropriate technical and organisational measures including:
- Encryption in transit: All data is transmitted over HTTPS/TLS 1.2+.
- Encryption at rest: Database encrypted at the storage layer (Neon managed encryption).
- API key security: Keys are hashed (SHA-256) before storage. Raw keys shown once at creation only.
- Privacy guard: Automated rejection of forbidden fields (prompt, output, content, etc.) at both SDK and API level.
- Workspace isolation: Multi-tenant architecture ensures data is strictly separated between workspaces.
- Authentication: Clerk-managed authentication with session-based access control and role-based permissions (Owner, Admin, Member, Viewer).
- Cron job security: Vercel cron signature verification with fail-closed behaviour in production.
- Batch size limits: Maximum 500 events per ingest request to prevent abuse.
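Sections 3.3 and 7 describe the privacy guard that rejects forbidden fields and enforces the tag limits at ingest. The Python below is an added illustration written for this page, not AISpendGuard's own SDK or API code: the field names, limits and forbidden words are taken from the policy, while the function names, the strict top-level schema and the rule used to match "variants" (word-splitting of snake_case, kebab-case and camelCase keys) are assumptions.

```python
import re

# Limits, field names and forbidden words are from the policy; names and the variants rule are assumptions.
ALLOWED_TOP = {"provider", "model", "input_tokens", "output_tokens",
               "latency_ms", "cost_usd", "timestamp", "tags"}
REQUIRED_TOP = ALLOWED_TOP - {"cost_usd", "tags"}
FORBIDDEN = {"prompt", "completion", "output", "content", "message", "attachment"}
MAX_TAGS, MAX_TAG_LEN = 24, 120

def is_forbidden_key(key: str) -> bool:
    """Assumed 'variants' rule: split snake/kebab/camelCase into lowercase singular
    words; any forbidden word rejects ('systemPrompt', 'Messages', 'raw-output')."""
    spaced = re.sub(r"([a-z0-9])([A-Z])", r"\1 \2", key)
    words = [w.rstrip("s") for w in re.split(r"[^a-z]+", spaced.lower()) if w]
    return any(w in FORBIDDEN for w in words)

def validate_event(event) -> list[str]:
    """Return rejection reasons for one ingest event; an empty list means accept."""
    if not isinstance(event, dict):
        return ["event must be a JSON object"]
    errors = []
    for key in sorted(set(event) - ALLOWED_TOP):  # strict schema: nothing unlisted
        kind = "forbidden" if is_forbidden_key(key) else "unknown"
        errors.append(f"{kind} field: {key}")
    errors += [f"missing field: {k}" for k in sorted(REQUIRED_TOP - set(event))]
    for key in ("input_tokens", "output_tokens", "latency_ms"):
        v = event.get(key, 0)
        if isinstance(v, bool) or not isinstance(v, int) or v < 0:
            errors.append(f"{key} must be a non-negative integer")
    tags = event.get("tags", {})
    if not isinstance(tags, dict):
        return errors + ["tags must be an object"]
    if len(tags) > MAX_TAGS:
        errors.append(f"too many tags ({len(tags)} > {MAX_TAGS})")
    for k, v in tags.items():
        if is_forbidden_key(k):
            errors.append(f"forbidden tag: {k}")
        elif not isinstance(v, str):  # a nested object could smuggle free text
            errors.append(f"tag {k} must be a string")
        elif len(v) > MAX_TAG_LEN:
            errors.append(f"tag {k} exceeds {MAX_TAG_LEN} chars")
    return errors

# Constructed sample events (not real traffic): one clean, one carrying content.
GOOD_EVENT = {"provider": "openai", "model": "gpt-4o-mini", "input_tokens": 1200,
              "output_tokens": 150, "latency_ms": 840, "cost_usd": 0.0045,
              "timestamp": "2026-03-06T12:30:45Z", "tags": {"task_type": "summarize"}}
BAD_EVENT = dict(GOOD_EVENT, prompt="Summarise this document...",
                 tags={"Messages": "hi", "feature": "x" * 121})
```

Running `validate_event` over each element of a batch, and refusing the batch outright when it holds more than 500 events, gives the fail-closed behaviour the policy describes.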
8. Your Rights Under GDPR
As a data subject, you have the following rights. To exercise any of them, contact us at privacy@aispendguard.com. We will respond within 30 days.
| Right | Article | Description |
|---|---|---|
| Access | Art. 15 | Obtain a copy of your personal data we process. |
| Rectification | Art. 16 | Correct inaccurate or incomplete personal data. |
| Erasure | Art. 17 | Request deletion of your personal data (“right to be forgotten”). |
| Restriction | Art. 18 | Restrict processing of your data in certain circumstances. |
| Data Portability | Art. 20 | Receive your data in a structured, machine-readable format (JSON). |
| Objection | Art. 21 | Object to processing based on legitimate interest. |
| Withdraw Consent | Art. 7(3) | Withdraw consent at any time (where consent is the legal basis). |
If you believe we have not adequately addressed your request, you have the right to lodge a complaint with the supervisory authority (see Section 10).
9. Automated Decision-Making
AISpendGuard uses deterministic rule-based waste detection (wrong model tier, free-tier subsidy, RAG bloat, batchable workloads) to generate savings recommendations. These rules operate on aggregated, anonymised usage patterns — not on individual personal data.
No automated decisions are made that produce legal effects or similarly significantly affect you as defined under Art. 22 GDPR. All recommendations are advisory and require human action to implement.
10. Supervisory Authority
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the competent supervisory authority:
Urad na ochranu osobnych udajov Slovenskej republiky
(Office for Personal Data Protection of the Slovak Republic)
Hranicna 12
820 07 Bratislava 27
Slovak Republic
Phone: +421 2 3231 3214
If you reside in a different EU/EEA member state, you may also lodge a complaint with your local supervisory authority.
11. Children’s Privacy
The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via the dashboard or email at least 14 days before they take effect. The “Last updated” date at the top indicates the most recent revision.
13. Contact Us
For any privacy-related questions or data subject requests: