Legal

Privacy Policy

Effective date: 5 June 2026

1. Who we are

phi-cloud (“we”, “us”, “our”) is a stateless AI gateway operated from Switzerland. We provide a single OpenAI-compatible API that routes requests to upstream AI model providers (Anthropic, OpenAI, Mistral, Infomaniak) while enforcing per-region data residency and a hard PHI gate.

Contact: hello@phi-cloud.com

2. Data we collect

Account & identity data

  • Email address — collected at sign-up (email/password or Google OAuth). Stored by Supabase Auth and used to identify your account.
  • Google OAuth identity — if you sign in with Google, Supabase Auth receives your Google account ID and email. We do not receive your Google password or other Google profile data.
  • Account metadata — stored inside your Supabase Auth user record: your preferred default region (country_code), Stripe customer ID (stripe_customer_id), API key version and issuance timestamp (key_version, key_issued_at).

Billing data

  • Payment method, invoices, and subscription state are managed and stored exclusively by Stripe. phi-cloud only stores your Stripe customer ID in your Supabase Auth metadata. We never see or store your card number.
  • Per-call usage cost (in micro-USD) is reported to Stripe as a meter event. We do not store call records, token counts, or prompt/response content.

Request traffic

  • phi-cloud is a stateless proxy. Prompt and response payloads are forwarded to the upstream provider and are never logged or stored by phi-cloud. If a request carries the X-PHI: true header we route it only to a PHI-eligible provider/region pair — we do not inspect or store the content.
  • Transient server logs (IP addresses, HTTP method, path, status code) may be retained for up to 30 days by our hosting provider (Vercel) in accordance with their data-processing terms.

No special categories by default

phi-cloud does not knowingly collect health data, financial records, or other special-category personal data for its own purposes. If your application routes PHI through the API, that data passes through to the upstream provider without being stored or processed by phi-cloud beyond the routing decision.

4. Sub-processors

phi-cloud uses the following third-party sub-processors. Each sub-processor handles data only as instructed and under a data-processing agreement (DPA) or equivalent instrument.

| Sub-processor | Purpose | Data location | Instrument |
|---|---|---|---|
| Supabase (supabase.com) | Authentication & identity (Auth only — no app tables) | EU (AWS eu-central-1) | DPA (GDPR Art. 28) |
| Stripe (stripe.com) | Payment processing, billing, subscription management | US / EU | DPA + SCCs |
| Vercel (vercel.com) | Web hosting & serverless compute | EU / US (edge) | DPA |
| Anthropic (anthropic.com) | AI model inference (general routes only — PHI-ineligible until BAA/DPA countersigned) | US / EU / global | DPA (GDPR Art. 28) — PHI-ineligible today |
| OpenAI (openai.com) | AI model inference (general routes only — PHI-ineligible until BAA/DPA countersigned) | US / EU | DPA (GDPR Art. 28) — PHI-ineligible today |
| Mistral (mistral.ai) | AI model inference (general routes only — PHI-ineligible until BAA/DPA countersigned) | EU | DPA (GDPR Art. 28) — PHI-ineligible today |
| Infomaniak (infomaniak.com) | AI model inference (CH-only routes) | Switzerland only | DPA (nFADP / GDPR) |

Upstream AI providers may process prompt data in accordance with their own enterprise data policies. For PHI routes we route only to providers where a BAA or equivalent instrument is in place.

5. Data location & retention

  • Account data (email, metadata) is stored in Supabase Auth, hosted on AWS eu-central-1 (Frankfurt). It is retained for as long as your account is active and deleted within 30 days of account deletion.
  • Billing data is retained by Stripe according to their data retention policy and applicable tax/accounting obligations (typically 7 years for invoices).
  • API key metadata (key_version, key_issued_at) is stored in your Supabase Auth user record and deleted with your account.
  • Request payloads are not retained by phi-cloud. Upstream provider retention policies apply to data sent to them.
  • Infrastructure logs are retained for up to 30 days by Vercel.

6. Security

  • All traffic is encrypted in transit using TLS 1.2+.
  • API keys are self-contained HMAC-signed tokens — phi-cloud never stores issued keys. Compromise of the signing secret would require rotation of all keys simultaneously; the secret is stored only in the deployment environment.
  • Authentication is handled by Supabase Auth (bcrypt password hashing, OAuth PKCE flow).
  • phi-cloud has a minimal attack surface by design: having no application database eliminates whole classes of SQL injection and data-exfiltration risk.

7. Your rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your data (“right to be forgotten”).
  • Portability — receive your data in a machine-readable format.
  • Restriction / objection — restrict or object to certain processing activities.

These rights apply under GDPR (EU), nFADP (Switzerland), UK GDPR, and similar laws. To exercise them, see our Data & Privacy page or email us at hello@phi-cloud.com.

8. How to delete your account

You can delete your account and all associated data at any time from the Account Settings page in your dashboard. Alternatively, see the Data & Privacy page or email hello@phi-cloud.com.

Upon deletion: your Supabase Auth record (email, metadata, API key version) is removed immediately. Stripe retains billing records as required by law. Upstream provider logs are subject to their own retention policies.

9. Cookies & session storage

phi-cloud uses a single session cookie set by Supabase Auth to maintain your login state. No third-party tracking or advertising cookies are set. We do not use analytics cookies.

10. Changes to this policy

We may update this policy from time to time. The effective date at the top of this page will reflect the latest revision. For material changes, we will notify registered users by email.

11. Contact

For privacy-related questions or to exercise your rights, contact us at: hello@phi-cloud.com.

phi-cloud is operated from Switzerland. You have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch or your local supervisory authority.