Privacy Policy

Effective date: March 8, 2026
Privacy contact: [email protected]
Scope: Applies to Metaio Lab platform, APIs, dashboard, routing layer, and related services.

Translated versions of this Privacy Policy are provided for convenience. If there is any conflict between a translation and the English version, the English version controls.

Quick summary

We collect account, usage, security, and operational information to provide, secure, maintain, bill, and improve the Service.
Depending on configuration and operational needs, prompts, inputs, outputs, files, and logs may be processed or stored for service delivery, abuse prevention, support, billing, and analytics.
We may share information with infrastructure, model, analytics, support, and payment providers that help operate the Service.
Retention periods vary depending on the type of data and legal, security, and operational needs.
Depending on where you live, you may have privacy rights such as access, correction, deletion, restriction, objection, or data portability.

1. Information We Collect

We may collect the following categories of information:

Account information, such as your name, email address, username, organization, billing contact, and account preferences.
Authentication and security information, such as login events, IP addresses, approximate location derived from IP, browser or device details, MFA events, and API key activity.
Usage and service information, such as timestamps, request metadata, model selections, quota usage, rate-limit events, billing-related records, audit events, and operational logs.
Customer content, including prompts, instructions, inputs, files, outputs, and related content processed through the Service, to the extent needed to operate, secure, support, or improve the Service.
Communications, such as support tickets, emails, feedback, and survey responses.
Payment information, if paid access is offered, usually processed by third-party payment providers rather than stored in full by us.

2. How We Use Information

We may use information to:

provide, operate, maintain, and improve the Service;
authenticate users and organizations;
route requests to model providers or infrastructure providers;
enforce rate limits, quotas, usage restrictions, and billing rules;
detect, investigate, and prevent abuse, fraud, spam, misuse, and security incidents;
communicate with you about your account, support requests, service updates, and policy changes;
comply with legal obligations and enforce our agreements; and
analyze service reliability, quality, and performance.

3. API Inputs, Outputs, and Logs

Depending on product configuration, account settings, operational needs, and legal requirements, we may process and temporarily or persistently store prompts, inputs, outputs, files, and logs for service delivery, troubleshooting, abuse prevention, billing, quality control, security review, and operational analytics.

Please avoid submitting sensitive personal information unless it is necessary, lawful, and permitted by your own policies and applicable law.

4. Legal Bases for Processing

Where required by applicable law, we process personal information on one or more of the following bases:

performance of a contract with you;
compliance with legal obligations;
our legitimate interests, such as securing, operating, and improving the Service; and
your consent, where consent is required.

We may share information with:

model providers, infrastructure providers, hosting providers, analytics providers, customer support tools, and payment processors that help us operate the Service;
professional advisors, auditors, insurers, and legal authorities where reasonably necessary;
affiliates or contractors working on our behalf under appropriate obligations; and
parties involved in a merger, acquisition, financing, reorganization, bankruptcy, or asset sale.

We do not sell personal information for money in the ordinary course of operating the Service.

6. International Transfers

Your information may be processed in countries other than the country where you live, including countries whose privacy laws may differ from those in your jurisdiction. Where required, we take reasonable steps designed to support lawful transfer mechanisms.

7. Data Retention

We retain personal information for as long as reasonably necessary to provide the Service, maintain security, comply with legal obligations, resolve disputes, enforce agreements, and support legitimate operational needs. Retention periods may vary depending on the type of information, product settings, and legal or operational requirements.

8. Security

We use reasonable technical, administrative, and organizational measures designed to protect personal information. However, no transmission method, storage system, or security control is completely secure, and we cannot guarantee absolute security.

9. Your Rights

Depending on where you live, you may have privacy rights regarding your personal information, such as rights to access, correct, delete, restrict, object, withdraw consent, or receive a portable copy of certain data.

To make a privacy request, contact us at [email protected]. We may need to verify your identity before processing your request.

10. Children’s Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact us so we can review the issue and take appropriate action.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with a revised effective date. Your continued use of the Service after an updated policy becomes effective means the updated policy will apply to future use of the Service.

12. Contact

For privacy-related questions or requests, contact: [email protected]