Legal

Privacy Policy

We believe privacy is a right, not a feature. Here's exactly what we collect and why.

Last updated: June 2026 · Applies to keyfrog.top and api.keyfrog.top

1. Overview

The short version: We do not store your prompts or AI responses. We collect only what's necessary to run the service, process payments, and prevent abuse. We never sell your data.

This Privacy Policy describes how KeyFrog ("we", "us", "our") collects, uses, and protects information when you use our API aggregation platform at keyfrog.top and api.keyfrog.top.

Our servers are hosted in Singapore. This policy is intended to be consistent with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Singapore's Personal Data Protection Act (PDPA).

2. What We Collect

Category Data collected Purpose
Account Username, email address, hashed password Authentication & account management
Usage logs Timestamp, model used, token count (input/output), cost, API key ID Billing, quota enforcement, analytics
Payment Top-up amount, transaction ID, redemption code hash Credit balance management
Technical IP address, browser user-agent, request timestamps Security, abuse prevention, debugging
Communications Emails or messages you send us Support & correspondence

What we do NOT collect: We do not log, store, or inspect the content of your API prompts or AI-generated responses. Your conversations with AI models pass through our infrastructure but are not persisted.

3. How We Use Your Data

We use the data we collect strictly for:

  • Operating and improving the KeyFrog platform
  • Processing payments and managing your credit balance
  • Detecting and preventing fraud, abuse, and security threats
  • Sending transactional emails (account verification, low-balance alerts)
  • Responding to your support requests
  • Complying with legal obligations

We do not use your data for advertising, profiling, or training AI models.

4. Data Sharing

We do not sell your personal data. We may share data only in these limited circumstances:

  • Upstream model providers: Your API requests are forwarded to providers such as OpenAI, Anthropic, and Google. These providers have their own privacy policies. We recommend reviewing them. Your account information is not shared with these providers.
  • Payment processors: If applicable, payment data may be processed by third-party payment services.
  • Legal requirements: We may disclose data if required by law, court order, or to protect the rights and safety of our users.
  • Business transfers: In the event of a merger or acquisition, your data may be transferred as part of that transaction, with prior notice.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide services:

  • Account data: Retained until account deletion, plus 30 days for backup recovery.
  • Usage logs: Retained for 90 days for billing and dispute resolution, then deleted.
  • IP logs: Retained for 30 days for security purposes.
  • Payment records: Retained for 7 years as required for financial compliance.

You may request deletion of your account and associated data at any time by contacting us.

6. Security

We implement industry-standard security practices to protect your data:

  • All traffic encrypted via TLS 1.2+ (HTTPS)
  • Passwords stored using bcrypt hashing — never in plaintext
  • API keys are displayed only once at creation; we store only a hashed version
  • Access to production systems is restricted to authorized personnel
  • Regular security reviews and dependency audits

No system is 100% secure. If you discover a security vulnerability, please report it responsibly to security@keyfrog.top.

7. Cookies & Tracking

We use only essential cookies necessary to operate the Service:

  • Session cookie: Keeps you logged in during your session. Deleted when you close your browser or log out.
  • CSRF token: Protects against cross-site request forgery attacks.

We do not use advertising cookies, analytics tracking pixels, or third-party tracking scripts. We do not use Google Analytics or similar services.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your account and personal data
  • Portability: Request your data in a portable format
  • Objection: Object to certain uses of your data
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise these rights, email privacy@keyfrog.top. We will respond within 30 days.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a minor has provided us with personal information, please contact us and we will delete it promptly.

10. International Data Transfers

Your data is stored on servers located in Singapore. If you access our Service from the European Economic Area (EEA) or other regions, your data may be transferred to Singapore, which may have different data protection laws than your country.

By using the Service, you consent to this transfer. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.

11. Contact & Data Controller

For privacy-related inquiries, data access requests, or complaints:

If you are located in the EEA and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.