Legal

Privacy Policy

Last updated: April 2026

This policy explains what SRAN collects, why we collect it, and what we do with it. We wrote this in plain language because you should actually be able to read it.

What we collect

Account information

When you sign up, we collect your email address, a password hash, and optionally a display name. That's it. We don't ask for your phone number, date of birth, or address.

Usage data

When you send requests through SRAN, we record: the model used, token counts, latency, timestamp, and the API key that made the request. We do not log request or response bodies by default.

Optional body logging

You can opt in to request/response body logging per API key. Bodies are encrypted with a key unique to your organization and retained per your plan's retention window.

Cookies

We use a session cookie for authentication. We don't use third-party analytics or ad trackers on our dashboard. The public marketing site uses privacy-respecting analytics (Plausible) that doesn't set cookies or collect personal data.

How we use data

  • To operate SRAN — routing your requests, enforcing policies, billing you accurately
  • To detect abuse — rate limits, fraud signals, automated attacks
  • To improve the product — aggregate usage patterns, never individual requests
  • To respond to you — support tickets, security notices, product announcements you opted into

We do not train AI models on your data. We do not sell your data. We do not share your data with advertisers.

Who we share data with

  • Model providers — we forward your requests to the model provider you chose (OpenAI, Anthropic, etc.), subject to their privacy terms
  • Payment processor — Stripe handles billing; they get your payment details, not your request data
  • Cloud infrastructure — AWS hosts our systems under a signed DPA
  • Law enforcement — only with valid legal process. We publish a transparency report annually.

Your rights

You can:

  • Export all your data from the dashboard
  • Delete your account and all associated data (effective within 30 days)
  • Ask us what we have on you — email privacy@sran.ai
  • Object to processing or request rectification under GDPR if you're in the EU

Data location

Our primary infrastructure is in US-East. EU customers can request EU-region pinning on Pro and Enterprise plans.

Changes to this policy

When we change this policy materially, we'll email account holders at least 30 days before the change takes effect. Minor clarifications will be noted with a revised date at the top of this page.

Contact

Privacy questions: privacy@sran.ai
Data requests: privacy@sran.ai
EU representative: contact us for details