Privacy Policy

Last updated: May 2026

1. Who we are

Raziel is an independent API marketplace. We are not affiliated with Anthropic, PBC or any of its products. This policy describes how we handle information collected through raziel.fun.

2. What we collect

We collect the minimum necessary to operate the Service:

  • Account data — email address used to create and authenticate your account.
  • Usage metadata — model name, token counts, latency, cost, timestamp, and request status for each API call. No prompt content.
  • Payment data — card payment processing is handled entirely by Polar.sh. We receive confirmation of successful charges and your prepaid balance amount; we do not store full card numbers or card authentication data.
  • Provider tokens — Claude setup tokens are encrypted with AES-256-GCM envelope encryption before storage. Plaintext exists only in memory during request forwarding and is never written to disk or logs.

3. What we do not collect

  • Prompt or response content — requests are forwarded, not stored
  • Browser fingerprints or advertising identifiers
  • Location data beyond what is implicit in your IP address

4. How we use your data

  • To authenticate your account and verify sessions
  • To bill usage and calculate provider payouts
  • To display usage history on your dashboard
  • To detect and prevent abuse or fraud

We do not sell your data, use it for advertising, or train AI models on it.

5. Data sharing

We share data only as necessary to operate:

  • Clerk — handles authentication. Subject to their privacy policy.
  • Polar.sh — processes card payments and manages subscriptions. Your billing details are governed by their privacy policy.
  • Neon (PostgreSQL) — stores account and usage data.
  • Upstash (Redis) — caches listing state for routing.
  • AWS KMS — manages key encryption for provider tokens.
  • Vercel — hosts the application and may collect request-level logs.

We do not share your data with Anthropic or any AI provider beyond what is inherent in forwarding your API request.

6. Cookies and local storage

We use cookies only for authentication (session tokens). No advertising or tracking cookies are set. The raziel CLI stores your API key locally in ~/.config/raziel/config.json on your own machine — this is not transmitted to us except as the bearer token on each request.

7. Retention

Usage events are retained for as long as your account is active and for a reasonable period thereafter for billing reconciliation. You may request deletion of your account by contacting us. Note that payment records required for financial compliance may be retained for the period required by applicable law regardless of account deletion.

8. Security

Provider tokens are encrypted at rest using AES-256-GCM with KMS-managed keys. All traffic is TLS-encrypted in transit. We follow the principle of least privilege for internal service access.

9. Your rights

Depending on your jurisdiction you may have the right to access, correct, or delete your personal data. To exercise these rights, contact us via the dashboard or email listed below.

10. Changes to this policy

We may update this policy from time to time. The date at the top reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact

Questions about this policy can be directed to the contact information available on the dashboard, or by opening an issue if the project is open source.