Legal

Privacy Policy

Last updated: June 21, 2026

This Privacy Policy explains how Eeive ("Eeive", "Company", "we", "our", or "us") collects, uses, stores, protects, shares, and otherwise processes personal information in connection with Eniway, our AI Gateway and AI Infrastructure Layer service. Eniway helps customers route AI requests between their applications and third-party AI providers, manage provider keys, observe usage, analyze request metadata, and operate AI infrastructure.

This Policy applies to the Eniway website, dashboard, APIs, gateway, documentation, authentication system, billing flows, support communications, and related services. It is designed to cover privacy, cookies, security, data processing, international transfers, GDPR-style rights, CCPA-style rights, and related customer data practices in one page.

This Policy does not replace a signed Data Processing Addendum or enterprise agreement. If Eeive and a customer sign a separate written agreement that conflicts with this Policy, the signed agreement controls for that customer only to the extent of the conflict.

Important: This Policy should be reviewed by a qualified privacy attorney before commercial launch, especially if Eeive serves users in the European Economic Area, United Kingdom, United States, California, or other jurisdictions with specific data protection laws.

Table of Contents

1. Scope
2. Data Roles
3. Information We Collect
4. API Keys and Provider Keys
5. Gateway Metadata and AI Request Processing
6. How We Use Information
7. Legal Bases for Processing
8. Cookie Policy
9. How We Share Information
10. Third-Party AI Providers
11. Subprocessors
12. Data Retention
13. Security Policy
14. Data Processing Addendum Principles
15. International Data Transfers
16. GDPR and UK GDPR Rights
17. California and U.S. State Privacy Rights
18. Children's Privacy
19. Account Deletion and Privacy Requests
20. Changes to this Policy
21. Contact

1. Scope

This Policy applies when you visit the Eniway website, create an account, log in, use the dashboard, create projects, generate Eniway API keys, connect provider keys, send requests through the Eniway gateway, use documentation, subscribe to a plan, contact support, or otherwise interact with Eniway.

This Policy does not govern the privacy practices of Third-Party AI Providers, payment processors, hosting providers, email providers, analytics providers, or other third-party services that are not controlled by Eeive. Those services may process information under their own terms and privacy policies.

2. Data Roles

Depending on the context, Eeive may act as a data controller, business, processor, or service provider under applicable privacy laws. For account data, billing data, website analytics, security logs, and business operations, Eeive usually acts as an independent controller. For Customer Content routed through Eniway on behalf of a customer, Eeive may act as a processor or service provider to the extent required by applicable law and the customer's instructions.

Customers are responsible for determining whether they are controllers or businesses for the personal data they submit through Eniway. Customers are responsible for providing notices, obtaining consents, choosing legal bases, honoring end-user rights, configuring provider settings, and ensuring that their use of Eniway complies with privacy laws.

3. Information We Collect

We collect information that you provide directly, information generated through your use of Eniway, and information collected automatically by our systems.

3.1 Account Information

We may collect your name, email address, username, company name, role, password hash, account status, email verification status, plan information, team membership, permissions, profile settings, and other information needed to create and manage your account.

3.2 Authentication and Security Information

We may collect login timestamps, session identifiers, IP addresses, device identifiers, browser information, failed login attempts, password reset events, token refresh events, security alerts, audit logs, abuse signals, and related authentication metadata.

3.3 Billing Information

Paid subscriptions are processed through BlockBee crypto checkout. We may receive limited billing information such as subscription status, plan, payment status, billing email, transaction identifiers, crypto currency, crypto amount, and payment processor references. We do not intentionally store full payment card numbers on Eniway servers.

3.4 Project and Workspace Information

We may collect project names, project IDs, tenant IDs, workspace names, provider configuration, model configuration, routing settings, environment labels, plan limits, analytics settings, caching settings, and other configuration data needed to operate the Service.

3.5 API Keys and Provider Keys

We may process Eniway API Keys and customer-supplied Provider Keys. Where technically appropriate, keys are encrypted before storage. We aim not to intentionally log raw keys. Key prefixes, masked keys, key IDs, creation times, last-used times, expiration status, project associations, and usage metadata may be stored for security, dashboard display, auditing, and key management.

3.6 Gateway Metadata

When requests pass through Eniway, we may collect Gateway Metadata such as provider, model, token counts, estimated cost, cache status, latency, status code, error code, request ID, project ID, tenant ID, route, timestamp, region, retry status, and other technical metadata needed for analytics, billing, debugging, abuse prevention, reliability, and service improvement.

3.7 Customer Content

Customer Content may include prompts, messages, instructions, request bodies, files, tool parameters, or other input routed through Eniway. Eniway is designed primarily as a gateway. Unless logging, debugging, caching, retention, or a similar feature is enabled or required for security and service operation, Eeive does not intend to permanently store raw prompts and model responses as a default business purpose. However, some content may be temporarily processed in transit, cached if enabled, stored in error logs if necessary, or retained when required by settings, law, abuse prevention, support, or security needs.

3.8 Device, Browser, and Usage Information

We may collect IP address, browser type, operating system, device type, language settings, referring pages, pages viewed, click events, session duration, approximate location derived from IP address, and other technical information generated when you use the website or dashboard.

3.9 Support and Communications

If you contact support, send feedback, report a bug, request deletion, or communicate with Eeive, we may collect the content of your message, email address, attachments, account identifiers, diagnostic details, and any information needed to respond.

4. API Keys and Provider Keys

Provider Keys are sensitive credentials. Eniway may store them so that the gateway can route requests to Third-Party AI Providers selected by the Customer. We use commercially reasonable measures designed to protect Provider Keys, such as encryption before storage, masked display, access controls, and avoiding intentional logging of raw keys.

Customers remain responsible for rotating Provider Keys, revoking exposed keys, reviewing provider dashboards, applying least privilege where providers support it, monitoring provider usage, and ensuring that provider accounts are configured correctly. If you believe a key has been exposed, you should revoke it at the provider and in Eniway immediately.

5. Gateway Metadata and AI Request Processing

Eniway processes AI requests as an infrastructure layer. Requests may include prompts, model parameters, metadata, and other Customer Content. Eniway may transmit those requests to Third-Party AI Providers selected or configured by the Customer. Eniway may receive AI Outputs from those providers and return them to the Customer application.

To operate the gateway, Eniway may process Gateway Metadata for observability, analytics, billing, cost estimation, rate limiting, routing, caching, debugging, abuse detection, incident response, provider troubleshooting, and service improvement. Gateway Metadata may be shown in dashboards and analytics pages.

If Eniway offers caching, logging, replay, debugging, tracing, or analytics features, enabling those features may affect what is stored and for how long. Customers should choose settings appropriate for the sensitivity of their data and legal obligations.

6. How We Use Information

We use information to:

• provide, operate, maintain, and improve Eniway;
• create and secure accounts;
• authenticate users and protect sessions;
• route requests to Third-Party AI Providers;
• manage projects, API keys, provider keys, and gateway configuration;
• provide analytics, usage metrics, cost visibility, and billing records;
• process subscriptions, invoices, taxes, payments, and refunds;
• detect, prevent, and respond to abuse, fraud, spam, attacks, and security incidents;
• debug errors, improve latency, maintain reliability, and monitor infrastructure health;
• communicate with you about account, security, product, billing, legal, and support matters;
• enforce Terms of Service and provider requirements;
• comply with legal obligations and respond to lawful requests;
• develop new features, improve documentation, and understand product usage.

7. Legal Bases for Processing

Where GDPR, UK GDPR, or similar laws apply, we process personal data under one or more legal bases, including performance of a contract, legitimate interests, consent, compliance with legal obligations, and protection of vital interests where applicable.

Our legitimate interests may include providing and improving the Service, securing the Service, preventing fraud and abuse, understanding product usage, supporting customers, enforcing terms, and protecting Eeive, customers, providers, and the public. Where consent is required, such as for certain optional cookies or marketing communications, you may withdraw consent as permitted by law.

8. Cookie Policy

Eniway may use cookies, local storage, session storage, and similar technologies. Cookies are small files stored on your device. Some are necessary for the website and dashboard to work, while others may help us understand usage or improve the Service.

8.1 Essential Cookies

Essential cookies are used for login sessions, authentication, token refresh, CSRF protection, security checks, load balancing, account state, and basic website functions. These cookies are necessary for Eniway to operate and generally cannot be disabled without breaking core functionality.

8.2 Preference Cookies

Preference cookies may remember choices such as theme, language, cookie banner status, dashboard settings, or interface preferences. These improve user experience but are not always strictly necessary.

8.3 Analytics Cookies

Analytics cookies or similar technologies may help us understand page visits, feature usage, errors, performance, and product adoption. We aim to use analytics in a way that is reasonable for a developer infrastructure product and not for invasive advertising.

8.4 Advertising Cookies

Eniway does not require advertising cookies for the core product. If Eeive later uses advertising or remarketing cookies, we will update this Policy and, where required, request consent.

8.5 Cookie Choices

You may control cookies through your browser settings and any cookie banner or preference center provided by Eniway. Blocking cookies may affect login, security, dashboard behavior, and core functionality.

9. How We Share Information

We do not sell customer personal information in the ordinary meaning of selling data for money. We may share information with service providers, subprocessors, Third-Party AI Providers, payment processors, security vendors, hosting providers, analytics providers, support tools, legal advisors, authorities, and other parties when necessary for the purposes described in this Policy.

We may share information when you direct us to do so, when required to route a request to a provider, when needed for billing, when needed for security, when required by law, when enforcing our Terms, when protecting rights and safety, or in connection with a merger, acquisition, financing, corporate restructuring, or sale of assets.

10. Third-Party AI Providers

When you configure Eniway to use a Third-Party AI Provider, Eniway may transmit Customer Content, request metadata, account identifiers, provider configuration, and related information to that provider as necessary to process the request. The provider may process the information according to its own terms, policies, data retention settings, safety systems, and account configuration.

Customers are responsible for choosing providers appropriate for their legal, security, privacy, and business requirements. Customers should review each provider's terms, privacy policy, retention settings, data training settings, regional processing options, and compliance commitments before sending data through that provider.

11. Subprocessors

Eeive may use subprocessors and service providers to operate Eniway. Categories of subprocessors may include cloud hosting, database infrastructure, object storage, email delivery, payment processing, analytics, error monitoring, logging, security, customer support, and Third-Party AI Providers selected by customers.

Examples may include payment processors such as BlockBee, cloud infrastructure providers, email delivery services, monitoring tools, and AI providers connected by customers. Eeive may update subprocessors as the Service evolves. Enterprise customers may request a more detailed subprocessor list if available.

12. Data Retention

We retain information for as long as necessary to provide Eniway, comply with legal obligations, resolve disputes, enforce agreements, prevent abuse, maintain security, support billing, and improve the Service. Retention periods depend on the type of data, plan, settings, legal requirements, and operational needs.

Account information may be retained while the account is active and for a reasonable period after deletion. Billing records may be retained for tax, accounting, and legal compliance. Security logs may be retained to detect abuse and investigate incidents. Gateway Metadata may be retained for analytics, billing, debugging, and security. Backups may retain data for a limited period before being overwritten.

Unless a different retention period is stated in a written agreement or dashboard setting, Eeive may use reasonable default retention periods such as: security logs for up to 12 months, gateway metadata for as long as needed for analytics and billing, billing records for legally required accounting periods, deleted account records for a limited deletion and recovery window, and backups until they expire through normal backup rotation.

13. Security Policy

Eeive uses commercially reasonable administrative, technical, and organizational safeguards designed to protect information processed by Eniway. These safeguards may include HTTPS/TLS, encrypted storage for sensitive secrets, password hashing, access controls, audit logs, restricted internal access, monitoring, backups, infrastructure hardening, and incident response procedures.

Passwords should be stored as secure hashes rather than plaintext. Sensitive keys should be protected using encryption and access controls. Raw Provider Keys and raw Eniway API Keys should not be intentionally logged. Administrative access should be limited to personnel with a business need. Security practices may evolve as Eniway grows.

No method of transmission, storage, or processing is perfectly secure. Eeive cannot guarantee absolute security. Customers are responsible for protecting their own accounts, systems, applications, provider accounts, secrets, endpoints, repositories, and users.

If you believe you have discovered a security issue, contact Eeive through the official support or security channel. Do not exploit the issue, access data that is not yours, disrupt the Service, or publicly disclose the issue before Eeive has had a reasonable opportunity to investigate and remediate.

14. Data Processing Addendum Principles

This section summarizes data processing principles that may apply when Eeive processes personal data on behalf of a customer. It is not a complete enterprise DPA, but it is intended to define the baseline approach for Eniway until a separate DPA is provided.

Where Eeive acts as a processor or service provider, Eeive will process personal data only to provide, secure, support, and improve the Service; follow documented customer instructions where required by law; use appropriate confidentiality measures; implement reasonable security measures; assist customers with data subject requests where reasonably possible; and use subprocessors as necessary to provide the Service.

Customers are responsible for determining the categories of personal data they submit, whether sensitive data is included, whether a DPA is required, whether a transfer mechanism is required, and whether Third-Party AI Providers are appropriate subprocessors for their use case. Customers should not submit regulated or sensitive personal data unless they have confirmed that Eniway, their provider settings, and their legal basis support that use.

15. International Data Transfers

Eeive, its service providers, and Third-Party AI Providers may process information in countries other than the country where you are located. These countries may have data protection laws different from those in your jurisdiction.

Where required, Eeive will use appropriate transfer mechanisms, such as Standard Contractual Clauses, data processing terms, adequacy decisions, or other lawful mechanisms recognized by applicable law. Customers are responsible for evaluating international transfers caused by their choice of Third-Party AI Providers and provider regions.

16. GDPR and UK GDPR Rights

If GDPR, UK GDPR, or similar laws apply, you may have rights to access, correct, delete, restrict, object to processing, transfer, or withdraw consent for your personal data. You may also have the right to lodge a complaint with a supervisory authority.

To exercise rights related to your Eeive account, contact us through the official Eniway or Eeive support channel. To exercise rights related to personal data submitted by a customer through Eniway, you may need to contact that customer directly because Eeive may process that data as a processor on the customer's behalf.

We may need to verify your identity and authority before responding to a privacy request. Some information may be exempt from deletion or access where retention is required for security, fraud prevention, billing, legal compliance, dispute resolution, or legitimate business purposes.

17. California and U.S. State Privacy Rights

If applicable U.S. state privacy laws apply, you may have rights to know what personal information is collected, access personal information, delete personal information, correct inaccurate personal information, opt out of certain sharing or selling, limit use of sensitive personal information, and not be discriminated against for exercising your rights.

Eeive does not sell customer personal information for money. If Eeive later engages in activities considered a "sale" or "sharing" under applicable privacy laws, we will update this Policy and provide required choices.

18. Children's Privacy

Eniway is not intended for children under 13 years old, and it is not directed to children. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to Eniway, contact us so we can take appropriate action.

Customers must not use Eniway to process children's personal information unless they have the legal right to do so and have implemented all required notices, consents, safeguards, and provider settings.

19. Account Deletion and Privacy Requests

You may request deletion of your account or personal information through the dashboard if available, or through the official support channels. Deleting an account may remove access to projects, API keys, provider key configuration, analytics, billing features, and other Service data.

Some information may remain in backups, logs, billing records, security records, legal archives, or provider systems for limited periods or as required by law. If your data was transmitted to a Third-Party AI Provider, deletion from Eniway does not automatically delete data from that provider. You may need to contact the provider or adjust provider account settings directly.

20. Changes to this Policy

Eeive may update this Privacy Policy as Eniway evolves, as laws change, or as our data practices change. When we make material changes, we may provide notice through the website, dashboard, email, changelog, or another reasonable method. The updated Policy will be effective when posted unless a later effective date is stated.

Your continued use of Eniway after the updated Policy becomes effective means you acknowledge the updated Policy. If you do not agree with the updated Policy, you should stop using the Service and request deletion where appropriate.

21. Contact

For privacy requests, data deletion, security concerns, or questions about this Policy, contact Eeive through the support channels listed on the official Eniway or Eeive website. We may request information to verify your identity, account ownership, and authority before responding.

Company: Eeive
Product: Eniway AI Gateway / AI Infrastructure Layer
Website: Use the official Eniway or Eeive website for current contact details.