Privacy Policy

한국어 버전 보기

1. Introduction

BROZ Corp. ("Company," "we," "us," or "our") operates everyais, a multi-cloud AI API gateway service available at everyais.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

• Name and email address
• Phone number (optional)
• Organization information (optional)
• Authentication credentials managed through AWS Cognito

2.2 Payment Information

Payment processing is handled by third-party processors (Polar.sh and Hecto Financial). We do not store your full credit card number or payment credentials. We receive transaction confirmation data such as payment status, amount, and transaction ID.

2.3 API Usage Data

When you use our API, we collect:

• AI model used and provider routed to
• Token counts (input and output)
• Request timestamps and response times
• IP address
• API key identifier (hashed)

2.4 AI Input/Output Data

Prompts and responses processed through our API are temporarily stored for up to 24 hours for service delivery purposes (e.g., output retrieval via presigned URLs). This data is automatically deleted after the retention period.

2.5 Device & Technical Data

We automatically collect technical information including browser type, operating system, IP address, device type, and referring URLs when you visit our website.

2.6 Cookies & Tracking

We use essential cookies for authentication and session management. We may use analytics cookies to understand how our Service is used. You can control cookie preferences through your browser settings.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process API requests and route them to appropriate AI providers
• Calculate billing and manage credits
• Authenticate users and manage API keys
• Respond to customer support inquiries
• Detect and prevent fraud, abuse, and security incidents
• Generate aggregated and anonymized analytics to improve our Service
• Comply with legal obligations

4. Data Retention

5. Data Sharing & Third Parties

We share your data only as necessary to provide the Service:

5.1 AI Cloud Providers

Your API input data (prompts) is forwarded to the selected AI provider for processing. These providers include AWS Bedrock, Google Vertex AI, Kakao GPU, Lambda GPU, and Nebius GPU. Each provider processes data according to their own privacy policies.

5.2 Payment Processors

Payment data is processed by Polar.sh (global payments) and Hecto Financial (Korean domestic payments). We do not store your full payment credentials.

5.3 Infrastructure Providers

We use AWS for cloud infrastructure and Vercel for web hosting. These providers may process data as part of service delivery.

5.4 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for marketing or advertising purposes.

6. International Data Transfers

Your data may be processed in multiple regions depending on the AI provider selected:

• United States (AWS us-east-1) — AI model inference via AWS Bedrock
• Republic of Korea (AWS ap-northeast-2) — Authentication, billing, account management
• United States / Global — Google Vertex AI processing
• Netherlands / Finland — Nebius GPU processing

We implement appropriate safeguards to protect your data during international transfers, including encryption in transit (TLS) and at rest.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — Request a copy of the personal data we hold about you
• Correction — Request correction of inaccurate or incomplete data
• Deletion — Request deletion of your personal data
• Portability — Request your data in a portable, machine-readable format
• Objection — Object to certain processing of your personal data
• Restriction — Request restriction of processing in certain circumstances

To exercise any of these rights, please contact us at portal@everyais.com. We will respond to your request within 30 days.

8. Data Security

We implement industry-standard security measures to protect your data:

• TLS encryption for all data in transit
• AES-256-GCM encryption for stored provider credentials
• SHA-256 hashing for API keys (plaintext keys are never stored)
• JWT-based authentication with JWKS verification
• Rate limiting to prevent abuse
• Regular security audits and monitoring

9. Children's Privacy

Our Service is not intended for individuals under the age of 14. We do not knowingly collect personal information from children under 14. If we learn that we have collected personal data from a child under 14, we will take steps to delete such information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be identified by an updated version number and effective date. We will notify you of material changes through the Service or via email. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us: