Privacy

Privacy Policy

Effective May 24, 2026

This policy explains what Bypath collects and how it is used to operate the waitlist, accounts, billing, and API service.

Information we collect

• Email address and account status.
• Hashed session, IP, and user-agent metadata used for security and abuse prevention.
• Waitlist, confirmation, invite, password-reset, and email-delivery metadata.
• API request metadata such as route, status, model, latency, token counts, and error code.
• Billing identifiers and subscription status from Stripe when billing is enabled.

Prompt and response content

Bypath is designed not to store prompt or response bodies in its database. API logs store metadata and token counts only. Prompt and response content is sent to the configured model provider as needed to generate API responses, and that provider may process it under its own terms and privacy commitments.

Service providers

Bypath uses service providers including Cloudflare, the configured model inference provider, Resend, Stripe, and Cloudflare Turnstile. These providers process data as needed for hosting, model inference, email delivery, payment, and bot protection.

Retention

Operational metadata is retained only as long as needed for security, billing, support, abuse prevention, and service reliability. Retention windows are configured for rate-limit, API-log, email-delivery, and webhook metadata.

Your choices

You can request account or waitlist help by contacting hello@bypath.dev. Some records may be retained where needed for security, billing, legal, or abuse-prevention purposes.