Privacy

Privacy Policy

Effective May 24, 2026

This policy explains what Bypath collects and how it is used to operate the waitlist, accounts, billing, and API service.

Information we collect

• Email address and account status.
• Hashed session, IP, and user-agent metadata used for security and abuse prevention.
• Waitlist, confirmation, invite, password-reset, and email-delivery metadata.
• API request metadata such as route, status, model, latency, token counts, and error code.
• Billing identifiers and subscription status from Stripe when billing is enabled.

Prompt and response content

Bypath is designed not to store prompt or response bodies in its database. API logs store metadata and token counts only. Requests are forwarded to the configured upstream model provider so the API can return model output.

Service providers

Bypath uses infrastructure and service providers including Cloudflare, DeepInfra, Resend, Stripe, and Cloudflare Turnstile. These providers process data as needed for hosting, model inference, email delivery, payment, and bot protection.

Retention

Operational metadata is retained only as long as needed for security, billing, support, abuse prevention, and service reliability. Retention windows are configured for rate-limit, API-log, email-delivery, and webhook metadata.

Your choices

You can request account or waitlist help by contacting hello@bypath.dev. Some records may be retained where needed for security, billing, legal, or abuse-prevention purposes.