Privacy Policy
Last updated: July 12, 2025
Privacy First: y-router is designed to be a transparent proxy that does not store your data. However, your requests are processed by third-party API providers with their own privacy policies.
1. Information We Process
1.1 What We Process
- API requests and responses in transit
- Request metadata (timestamps, response codes) for operation
- Technical information required for API format conversion
1.2 What We Do NOT Store
- Your API keys (these are forwarded directly to third-party providers)
- Your conversation content or prompts
- Personal identifying information
- Request history or logs beyond operational necessity
2. Data Flow
How Your Data Moves:
- Your Application → sends request to y-router
- y-router → converts format and forwards to API provider (e.g., OpenRouter)
- API Provider → processes request and returns response
- y-router → converts response format and returns to you
y-router acts as a pass-through service and does not retain data.
3. Third-Party Services
When you use y-router, your data is processed by third-party API providers. These services have their own privacy policies:
Important: y-router cannot control how third-party API providers handle your data. Please review their privacy policies carefully.
4. Technical Implementation
4.1 Cloudflare Workers
y-router runs on Cloudflare Workers, which may temporarily process requests in memory during execution. Cloudflare's privacy practices apply to the infrastructure layer.
4.2 No Persistent Storage
y-router does not use databases or persistent storage for user data. All processing happens in real-time during request handling.
4.3 Logging
Minimal operational logs may be kept temporarily for:
- Error debugging and service improvement
- Performance monitoring
- Security and abuse prevention
These logs do not contain your API keys or conversation content.
5. Your Rights and Choices
5.1 Self-Hosting
For maximum privacy control, you can deploy y-router yourself:
- Full control over your data processing
- No shared infrastructure
- Complete transparency through open-source code
5.2 API Key Security
Best practices for protecting your privacy:
- Use API keys with minimal necessary permissions
- Regularly rotate your API keys
- Monitor API usage through provider dashboards
6. Data Security
6.1 In Transit
- All communications use HTTPS encryption
- API keys are transmitted securely
- No data is cached or stored during transit
6.2 Service Security
- Regular security updates to dependencies
- Minimal attack surface through simple proxy design
- No user authentication or session management
7. International Data Transfers
y-router may process data in various geographic locations through Cloudflare's global network. Third-party API providers may also process data internationally according to their own policies.
8. Children's Privacy
y-router is not intended for use by children under 13 years of age. We do not knowingly collect or process information from children.
9. Changes to This Policy
We may update this privacy policy periodically. Material changes will be reflected by updating the "Last updated" date. Your continued use of the service constitutes acceptance of any changes.
10. Compliance and Transparency
y-router is designed with privacy-by-design principles:
- Minimize data processing
- Open-source transparency
- No unnecessary data collection
- User control through self-hosting options