Legal

Privacy Policy

Last updated: May 1, 2026

What we collect

When you use Unify, we collect and store the following data:

Account information

  • ·Full name
  • ·Email address
  • ·Bcrypt-hashed password (never plaintext)

API key data

  • ·Key name
  • ·Platform (OpenAI, Stripe, etc.)
  • ·AES-256 encrypted key blob — never the plaintext key

Usage logs

  • ·Caller IP address
  • ·Country and city (via ip-api.com)
  • ·Request timestamp
  • ·HTTP status code
  • ·Token counts and cost (OpenAI/Anthropic)

Security data

  • ·Blocked IP list
  • ·Spend limits you configure
  • ·Terms acceptance timestamp and IP

What we never collect

We are explicitly designed to never handle the following:

Plaintext API keysPayment card numbersBank account detailsSocial security / national ID numbersBiometric dataThird-party cookies

Payment processing (when billing is active) is handled entirely by our payment processor. We never see or store your card details.

How we store your data

All data is stored in Supabase (PostgreSQL), hosted on infrastructure with encryption at rest. API key blobs are additionally encrypted at the application layer using AES-256-GCM before being written to the database.

Access to the database is restricted to service-role credentials that are never exposed to the browser or to third parties.

How we use your data

  • To operate the proxy service and authenticate your requests
  • To display usage analytics in your dashboard
  • To enforce spend limits and IP blocks you configure
  • To send transactional emails (account creation, billing) — no marketing without explicit opt-in

Third-party services

We use the following third-party services:

  • Supabase — database and infrastructure
  • Vercel — hosting and edge network
  • ip-api.com — IP geolocation (free tier, no personal data sent beyond the IP address)

Data retention

Your data is retained for as long as your account is active. Upon account deletion, all personal data including API key blobs, usage logs, and account information will be deleted within 30 days.

You may request immediate deletion by emailing legal@unify.app.

Your rights

You have the right to:

  • Access a copy of the data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data

To exercise any of these rights, contact legal@unify.app.

Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via the email address on your account. Continued use of the Service constitutes acceptance of the updated policy.

Contact

For privacy inquiries: legal@unify.app

HomeTerms of ServiceSecurity Policy