Privacy Policy

Orqen AI Ltd (company number 17241802), registered in England and Wales, with a registered office at 66 Paul Street, London EC2A 4NA, provides an API and dashboard for agent payload optimisation, tool routing, model routing, usage analytics, billing, and account management. Orqen is the trading name. Orqen AI Ltd is the data controller for personal data processed under this policy.

Orqen AI Ltd is registered with the Information Commissioner's Office (ICO) as a data controller. Registration number ZC156922, registered 26 May 2026, renewal due 25 May 2027.

You can contact us about privacy at privacy@orqen.app or for support at support@orqen.app.

• Account data: name, email address, Supabase user ID, account tier, and account creation date.
• Authentication and security data: sessions, hashed Orqen API keys, key prefix, key name, rate limits, saved-token budgets, and last-used timestamps.
• Provider credentials: customer-supplied LLM provider credentials encrypted at rest and decrypted only when needed to proxy a request.
• Usage and routing metadata: request time, model, status code, latency, token counts, tool counts, routing mode, tools called, and privacy-preserving routing traces. We do not intentionally store raw prompts, raw responses, or provider request bodies in request logs.
• Billing data: Stripe customer ID, subscription ID, subscription tier, subscription status, billing period dates, and payment portal events. Payment card data is handled by Stripe, not stored by Orqen.
• Analytics data, only when allowed: PostHog page views, interaction events, referrer, browser, device, and approximate usage context.
• Diagnostics data: Sentry error and performance events, server logs, request URLs, browser or runtime context, stack traces, and related troubleshooting metadata. Browser diagnostics are controlled by your diagnostics consent choice and are not intentionally tagged with Orqen customer IDs.

• To create and secure accounts, authenticate users, issue API keys, prevent abuse, and provide customer support.
• To route requests to connected providers, estimate savings, enforce plan and key budgets, show usage history, improve routing quality, and operate billing.
• To understand product usage and improve Orqen when analytics consent is granted.
• To diagnose errors, maintain reliability, investigate security issues, and protect the service.
• To comply with legal obligations, enforce terms, and handle disputes or lawful requests.

For UK and EEA users, we process account, routing, provider, and billing data where needed to provide Orqen under our contract with you. We process security, abuse prevention, and service reliability data based on legitimate interests. We process optional product analytics and browser diagnostics based on consent, which you can withdraw at any time.

Essential storage is used for authentication, security, billing flows, and remembering privacy choices. Optional analytics and browser diagnostics are disabled by default until consent is granted. You can change your choices from the Cookie Policy page.

We share data only where needed to run Orqen or where legally required. Current service providers include:

• Supabase for authentication and database services.
• Stripe for checkout, subscriptions, invoices, customer portal, and payment processing.
• PostHog for consented product analytics and optional log/analytics ingestion.
• Sentry for diagnostics, error monitoring, performance monitoring, and operational logs.
• AWS for key management (KMS) and infrastructure services used in credential encryption.
• Railway for application hosting and deployment infrastructure.
• Resend for transactional email notifications such as usage alerts.
• Groq for optional internal enrichment processing used in certain Pro optimisation paths. This is Orqen-operated infrastructure, not user-configurable.
• LLM providers selected or connected by you, when Orqen proxies requests on your behalf.

Enterprise customers requiring a formal Data Processing Agreement (DPA) may contact security@orqen.app.

Some of our service providers process data outside the United Kingdom. Supabase, Stripe, Sentry, PostHog, and AWS may transfer or process personal data in the United States or other jurisdictions. Where personal data is transferred outside the UK, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA), adequacy decisions, or equivalent protections provided under each processor's data processing agreement. You can request details of the specific safeguards in place by contacting privacy@orqen.app.

Request logs are retained for the configured retention period, currently 90 days by default, unless a shorter deletion requirement applies. Account records, API keys, provider credentials, billing pointers, routing preferences, and customer-specific routing statistics are kept while the account is active. Backups may retain deleted data until overwritten, but deleted data is put beyond active use. Stripe, PostHog, Sentry, and Supabase may retain limited records under their own legal, security, or operational obligations.

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or export personal data. You may also withdraw consent for optional analytics or browser diagnostics. Use the dashboard deletion control or contact privacy@orqen.app. We aim to respond to privacy rights requests within one month unless a lawful extension applies.

When you delete your account, Orqen permanently deletes the local customer record and associated API keys, provider keys, request logs, routing preferences, model stats, tool stats, and customer-specific dashboard data. Where configured, we also delete the matching Supabase Auth user, Stripe customer, and PostHog person/events tied to your Orqen customer ID. Browser diagnostics are minimised and not intentionally linked to your Orqen customer ID. Some records may be retained where required for legal obligations, security, fraud prevention, dispute handling, or backup overwrite schedules.

Orqen uses hashed API keys, encrypted provider credentials, access controls, HTTPS in production, retention controls, and monitoring. No online service can guarantee absolute security, but we design the system to minimise personal data and remove customer data cleanly when accounts are deleted.

We may update this policy as Orqen changes. Material changes will be reflected by updating the date above and, where appropriate, notifying account holders.