Privacy Policy
Last updated: October 2025
Introduction
Komilion ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our intelligent LLM routing and API service.
Information We Collect
Account Information
When you create an account, we collect your email address, name, and password. If you sign up with Google SSO, we also receive your profile information from Google.
API Usage Data
We log API requests including timestamps, model selections, token usage, and costs to provide service analytics, intelligent recommendations, and accurate billing.
Payment Information
Payment data is processed securely through Stripe. We do not store complete credit card numbers on our servers. Only transaction metadata is retained for billing purposes.
How We Use Your Information
- To provide and maintain our LLM routing and API service
- To generate intelligent model recommendations based on task types
- To process your payments and wallet top-ups
- To send you service updates, usage alerts, and technical notices
- To monitor usage patterns and improve our recommendation algorithms
- To detect and prevent fraud, abuse, or misuse of our service
- To comply with legal obligations and enforce our terms of service
Data Sharing and Disclosure
We do not sell your personal information. We may share your information with:
- LLM providers (OpenAI, Anthropic, Google, etc.) when you make API requests to their models
- Payment processors (Stripe) for secure transaction processing
- Service providers who assist in operating our platform and infrastructure
- Law enforcement or regulatory bodies when required by law or to protect our rights
Data Retention
We retain your account information and usage data for as long as your account is active or as needed to provide services. Usage logs are retained for billing and analytics purposes. You may request account deletion at any time by contacting our support team. Upon deletion, we will remove your personal data within 30 days, except where retention is required by law.
Security
We implement industry-standard security measures including encryption in transit and at rest, secure authentication via NextAuth.js, regular security audits, and access controls. API keys are encrypted and stored securely. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
Your Rights
You have the right to:
- Access your personal information and usage data
- Correct inaccurate or incomplete data
- Request deletion of your account and associated data
- Export your usage data and API logs
- Opt out of marketing communications
- Object to processing of your personal information
- Lodge a complaint with a supervisory authority
Cookies and Tracking
We use essential cookies for authentication and session management via NextAuth.js. These cookies are necessary for the proper functioning of our service. We do not use third-party advertising cookies or cross-site tracking technologies. You can disable cookies in your browser settings, but this may affect the functionality of our service.
Third-Party Services
Our service integrates with third-party LLM providers and services:
- OpenAI, Anthropic, Google, Cohere, Mistral, and other LLM providers
- Stripe for payment processing
- Google for SSO authentication
- LLMArena for model performance data
Each third-party service has its own privacy policy governing the use of your data. We recommend reviewing their policies.
Children's Privacy
Our service is not intended for users under 13 years of age. We do not knowingly collect information from children. If we learn that we have collected personal information from a child under 13, we will take steps to delete such information promptly.
International Data Transfers
Your information may be transferred to and maintained on servers located outside of your jurisdiction where data protection laws may differ. By using our service, you consent to the transfer of your information to the United States and other countries where our service infrastructure is located.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes via email or through a prominent notice on our website. The "Last Updated" date at the top of this policy indicates when it was last revised.
GDPR Compliance
If you are a resident of the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability, the right to restrict processing, and the right to object to automated decision-making. Our legal basis for processing your data is your consent, performance of our contract with you, and our legitimate business interests.
Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how your data is handled, please contact us:
- Email: [email protected]
- Contact Form: Visit our contact page
We will respond to your inquiry within 30 days.
