Privacy Policy

Last updated: January 22, 2026

The Short Version

We collect only what's necessary to provide AI spend monitoring. We never see your API keys, prompts, or responses. We don't sell your data. When you leave, we delete your data.

What We Collect

Account Information

  • From GitHub OAuth: Email address, username, and GitHub user ID
  • Why: To create your account and send notifications

AI Spend Data

  • What: Daily costs, request counts, and model usage from OpenAI and Anthropic
  • Why: To calculate baselines, detect anomalies, and send budget alerts
  • How: Your collector (running in your infrastructure) sends this to us

Preferences

  • Monthly budget settings
  • Notification preferences (email/Slack)
  • Slack webhook URL (if you choose Slack notifications)

What We Don't Collect

This is important. We never have access to:

  • Your API keys — They stay in your collector, which runs in your infrastructure
  • Your prompts or responses — We only see aggregated cost and usage data
  • The content of your AI interactions — None of it, ever

How We Use Your Data

  • Calculate spending baselines and detect anomalies
  • Send budget alerts and weekly summaries
  • Display your usage in the dashboard
  • Send important account emails (trial reminders, subscription updates)

We don't sell, rent, or share your data with third parties for marketing purposes.

Data Storage & Security

  • Where: Cloudflare's global network (D1 database)
  • Encryption: All data transmitted over HTTPS; stored data encrypted at rest
  • Retention: Usage data kept for 90 days; older data automatically deleted
  • Access: Only the DriftInsight team has access, and only for support/debugging

Data Deletion

  • You cancel: Access continues until your billing period ends, then data deleted within 30 days
  • Trial expires: Data deleted within 30 days if you don't subscribe
  • You request deletion: Contact us and we'll delete everything within 7 days

Cookies

We use a single session cookie to keep you logged in. That's it. No tracking cookies, no analytics cookies, no third-party cookies.

Third-Party Services

  • Cloudflare: Hosting and database (they're our infrastructure provider)
  • GitHub: Authentication only (we use OAuth, they don't see your spend data)
  • Payment processor: Handles payments (we don't store your card details)

Your Rights

You can:

  • Access your data (it's all visible in your dashboard)
  • Export your data (contact us)
  • Delete your account and all data (contact us)
  • Update your notification preferences anytime

Changes to This Policy

If we make significant changes, we'll email you. Minor clarifications won't trigger an email, but we'll update the "last updated" date.

Contact

Questions? Email us at info@driftinsight.dev