Last updated: May 3, 2026
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified.
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the "Information on the Responsible Party" section of this privacy policy.
How do we collect your data?
On the one hand, your data is collected by you providing it to us. This can be, for example, data that you enter in a contact form.
What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data at any time free of charge. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
Hosting Provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA (vercel.com/legal/privacy-policy).
Our website and application are hosted on Vercel's infrastructure. When you visit our website, Vercel automatically processes connection data (e.g., IP address, browser type, time of access, referrer URL) in server log files. This data is necessary to deliver the website and to ensure security and stability.
Database: Application data (account information, API keys, usage statistics) is stored in a PostgreSQL database operated by Supabase Inc. (USA), with our project hosted in the EU (Frankfurt region, AWS eu-central-1). A data processing agreement (DPA) according to Art. 28 GDPR is in place with Supabase, supplemented by Standard Contractual Clauses pursuant to Art. 46 GDPR for any transfers outside the EU. More information: supabase.com/privacy.
Legal basis: The use of the hosting provider is based on Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in a secure, fast and efficient provision of our online offer).
International data transfer: Data may be transferred to the United States. Vercel adheres to the EU-U.S. Data Privacy Framework, providing an adequate level of data protection within the meaning of Art. 45 GDPR. Where applicable, transfers are additionally safeguarded by Standard Contractual Clauses pursuant to Art. 46 GDPR.
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
The responsible party for data processing on this website is:
ApeKey
Jaden Dahm
Sefferweg 13
54657 Neidenbach
Phone: 01759933457
Email: support@apekey.ai
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).
Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data.
Our website includes, among other things, tools from companies based in the USA. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We point out that the USA is not a safe third country in the sense of EU data protection law.
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if this has been requested.
You can register on this website to use additional functions on the site. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered.
For important changes, such as the scope of the offer or technically necessary changes, we use the email address provided during registration to inform you in this way.
The processing of the data entered during registration is based on your consent (Art. 6 para. 1 lit. a GDPR).
You have the following rights:
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
We are not legally required to appoint a data protection officer. If you have any questions regarding data protection, please contact us directly using the contact details provided in the "Information on the Responsible Party" section.
This website uses cookies. Cookies are small text files that are stored on your device and enable certain functions. We only use technically necessary cookies that are required for the basic functions of the website.
These cookies are essential for the website to function properly. They enable basic functions such as user authentication and session management.
We use the following technically necessary cookies:
Storage Duration: These cookies are session-based and are automatically deleted when you close your browser or log out.
The use of technically necessary cookies is based on Art. 6 para. 1 lit. f GDPR (legitimate interest). We have a legitimate interest in ensuring the functionality and security of our website. No consent is required for these cookies.
We offer the option to register and log in via third-party authentication providers (“Single Sign-On”). When you choose to log in this way, your authentication is handled by the respective provider and a unique identifier, your name, email address and (where available) profile picture are transmitted to us.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, USA). When you sign in with Google, your IP address is transmitted to Google and Google may set its own cookies. More information: policies.google.com/privacy.
Provider: GitHub B.V. (EU representative) and GitHub, Inc., 88 Colin P. Kelly Jr. Street, San Francisco, CA 94107, USA. When you sign in with GitHub, your IP address is transmitted to GitHub. More information: GitHub Privacy Statement.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures) and, where applicable, Art. 6(1)(a) GDPR (your consent given at the OAuth provider). You can revoke OAuth access at any time in your account settings at the respective provider.
For paid plans we use the payment service provider Stripe. Provider in the EU/EEA: Stripe Payments Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. For users outside the EU/EEA: Stripe, Inc., 354 Oyster Point Boulevard, South San Francisco, CA 94080, USA.
When you initiate a payment, Stripe processes payment data (e.g., name, email address, billing address, card details or other payment instrument data, transaction information). Card details are entered directly on Stripe’s infrastructure and never reach our servers. We only receive transaction status, customer ID and invoice metadata.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract). A data processing agreement is in place with Stripe.
International transfers: Stripe adheres to the EU-U.S. Data Privacy Framework and uses Standard Contractual Clauses where applicable. More information: stripe.com/privacy.
We use Resend for sending transactional emails (e.g., account verification, team invitations, billing receipts, support replies). Provider: Resend, Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA.
When we send you an email, your email address, name and the message content are processed by Resend on our behalf. Resend may also collect technical metadata (delivery status, bounce information).
Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in reliable communication with our users). A data processing agreement is in place with Resend, supplemented by Standard Contractual Clauses for transfers to the United States. More information: resend.com/legal/privacy-policy.
The core function of our service is to forward your API requests to third-party AI model providers (“upstream providers”) and return their responses. When you use the API, the request payload (which may include prompts, context and other content you submit) is transmitted to the upstream provider you selected or that our routing layer selected for your request.
Upstream providers we may route to:
We do not store the body of your prompts or model responses on our own servers beyond what is necessary for caching, billing and abuse prevention. Aggregated metadata (token counts, latency, model used, request timestamp) is retained for analytics and billing.
Important: Do not include personal data, secrets or confidential information in prompts that you do not want transmitted to the selected upstream provider. You are responsible for the lawfulness of the content you submit through the API.
Legal basis: Art. 6(1)(b) GDPR (performance of the API gateway contract). Transfers to the United States are based on Standard Contractual Clauses pursuant to Art. 46 GDPR and, where applicable, the EU-U.S. Data Privacy Framework.
For each API request we record metadata such as request timestamp, API key identifier, model used, token usage, response status, latency and (truncated) error messages. This data is used for billing, rate limiting, analytics shown in your dashboard, abuse detection and troubleshooting.
Storage duration: API usage records are retained for the duration of your account plus the period required to fulfil legal retention obligations (in particular tax and commercial law: typically up to 10 years for invoice-relevant records). Other operational logs are deleted after 90 days unless required for security investigations.
Legal basis: Art. 6(1)(b) GDPR (contract performance, billing), Art. 6(1)(c) GDPR (legal obligations) and Art. 6(1)(f) GDPR (legitimate interest in operating a secure service).
The website registers a Service Worker (/sw.js) and uses your browser’s localStorage to cache static assets and to remember user-interface preferences (e.g., the cookie-notice acknowledgement, the cached profile picture for offline display). This data never leaves your browser and is not transmitted to us.
You can clear this data at any time via your browser settings. Disabling the Service Worker is possible but may degrade offline behaviour and load performance.
We reserve the right to update this Privacy Policy to reflect changes in our service, the providers we use, or applicable law. The version date at the top of this page indicates the latest revision. For material changes, registered users will be notified by email.