Skip to main content
This policy describes how MixRoute collects, uses, discloses, retains, and protects the personal data and service data it actually holds. Unless otherwise expressly agreed in writing, MixRoute, as an AI API routing and transit platform, does not retain the text content of prompts, completions, or other requests/responses transmitted by customers through the API. MixRoute processes only the limited technical metadata necessary for service delivery, billing, security, abuse prevention, and legal compliance.

1. Data We Process

  • Account and contact data: such as name, company name, job title, email address, phone number, and login and account identification information.
  • Transaction and billing data: such as plan details, payment status, invoices, tax information, and top-up or deduction records.
  • Technical metadata: such as timestamps, model names, token counts, status codes, latency, source IPs, User-Agent, request IDs, account or organization identifiers, and necessary security event logs.
  • Website and console data: such as browser, device, cookies, login records, page interactions, and basic analytics data.

2. Data We Do Not Retain

  • In the course of API routing, MixRoute processes request and response content at the memory level in real time and forwards it to the designated model provider; such content is not written to disk, logs, or any persistent storage.
  • MixRoute does not write prompts, completions, images, audio, or other Payload content to general application logs, analytics systems, or long-term storage systems.
  • MixRoute does not use such content to train any models.

3. How We Use Data

  • To provide, maintain, and operate the website, console, API, and customer support.
  • To verify accounts, manage permissions, calculate usage, generate invoices, process payments, and perform reconciliation.
  • To monitor latency, error rates, availability, anomalous requests, and security risks, and to implement anti-fraud, abuse prevention, and platform protection measures.
  • To comply with applicable laws, court orders, regulatory requirements, tax obligations, and dispute resolution needs.

4. Data Role Classification

  • With respect to account, payment, website, and proprietary operational data, MixRoute generally acts as a data controller or equivalent role.
  • With respect to data submitted by customers through the Services, MixRoute may act as a controller, processor, entrusted processor, or other applicable role, depending on the service architecture, contractual arrangements, and applicable law.
  • If both parties have executed a Data Processing Addendum (DPA) or Order Form, the role allocation and order of precedence set forth in those documents shall govern.

5. Third-Party Model Providers and Cross-Border Transfers

  • API requests will be forwarded to third-party model providers, cloud infrastructure, payment services, or other third-party vendors in accordance with customer configuration or service logic.
  • Since MixRoute does not retain the text content of requests and responses, MixRoute is generally unable to provide subsequent retrieval, disclosure, or deletion of such content; however, upstream providers may process such data in accordance with their own terms, privacy policies, and applicable law.
  • As the Services are global in scope and built on a cross-border technical architecture, data may be processed or transferred in regions outside your jurisdiction. MixRoute will implement reasonable and appropriate safeguards as required by applicable law.

6. Data Disclosure and Retention

  • MixRoute discloses the data it actually holds to vendors, consultants, professional service providers, or regulatory authorities only to the extent necessary for service delivery, payment processing, legal compliance, security incident handling, abuse prevention, auditing, or other legitimate purposes.
  • Account, transaction, and contractual data may be retained for the duration of the account and any legally required retention periods.
  • Technical metadata is retained only for the period necessary for billing, operational monitoring, security, abuse prevention, and legal compliance.
  • Prompt, completion, and other Payload content does not constitute data subject to long-term retention by MixRoute.

7. Your Rights

  • To the extent provided by applicable law, you or the relevant data subject may request access, review, copies, correction, deletion, restriction of processing, objection to processing, withdrawal of consent, or, where applicable, data portability.
  • MixRoute may refuse or limit certain requests on grounds of identity verification, security, trade secrets, third-party rights, technical feasibility, or as otherwise permitted by law.
  • Since MixRoute does not retain request/response text content, requests for access, deletion, or copies relating to such content should, in principle, be directed to the upstream provider that actually retains the data.

8. Data Security and Contact Information

  • MixRoute implements reasonable technical, administrative, and organizational security measures to protect data against unauthorized access, use, disclosure, alteration, or destruction.
  • If you have questions about this policy or the processing of personal data, or wish to exercise your data subject rights, please contact: legal@mixroute.ai. For the company name, address, and legal/privacy contact, please refer to the information set out on the official website or in the Order Form.
  • MixRoute may amend this policy from time to time; material changes will be communicated via the website, console, email, or other reasonable means.
This policy should be read together with MixRoute’s Terms of Service, Order Form, DPA (if applicable), and other applicable service documents. In the event of any conflict, the express provisions of those documents shall take precedence.