Hosted privacy policy

Sage Router Privacy

Effective June 19, 2026. This policy describes the hosted Sage Router web app, public API edge, account system, billing flows, API keys, usage quotas, and route analytics.

Privacy Boundary

Launch analytics are designed to be privacy-safe. The hosted funnel and route telemetry should not return or store prompt bodies, message bodies, raw provider responses, provider credentials, OAuth tokens, plaintext API keys, or customer email addresses in operator analytics responses.

Data We Process

  • Account identifiers from Supabase Auth, such as user id and email for account access.
  • Billing metadata from Stripe or manual settlement, such as customer id, subscription status, selected plan, and payment lifecycle status.
  • Generated API key metadata, including key prefix, key status, plan, timestamps, and hashed key material. Raw generated keys are shown once.
  • Usage counters for quota enforcement, rate limits, first-request tracking, paid conversion tracking, and retained paid account tracking.
  • Route telemetry such as selected provider/model, status, timing, error class, estimated token counts, and fallback behavior.

Provider Credentials

Sage Router is local-first by design. Provider credentials should stay on customer-controlled machines, private routers, or Tailnet hosts by default. Do not send provider credentials, OAuth tokens, private keys, or raw secrets to support channels unless a separate secure process has been agreed.

How Data Is Used

Hosted data is used to authenticate users, enforce generated API key access, apply quotas and rate limits, process billing, provide status and route telemetry, detect abuse, debug reliability, and improve the product.

Third-Party Services

The hosted service uses infrastructure and services such as Supabase, Stripe, Cloudflare, Google Cloud, GitHub, and customer-selected model providers. Those services may process data according to their own terms and privacy policies.

Retention and Deletion

Operational records may be retained as needed for security, billing, accounting, abuse prevention, reliability debugging, and legal obligations. Customers may revoke generated API keys from the account page and may request account review or deletion through the support path published by the project.

Security

The hosted web app uses HTTPS, HSTS, a Content Security Policy, frame blocking, referrer controls, and account/API-key auth gates. These controls reduce risk but do not replace customer responsibility for securing their own provider accounts, local routers, API keys, and Tailnet hosts.