Legal
Privacy Policy
Last updated: 2026-06-07
Privian is in beta. This page describes our current practices and policies in plain language. Material updates will be noted here and on /updates.
1. Overview
Privian operates an AI Security Layer that sits between your application and large language model (LLM) providers. Our purpose is to reduce the amount of sensitive data that ever reaches a provider. This policy explains what personal data we collect, how we handle prompt traffic, and the choices you have. For details on the underlying architecture, see /security/data-handling and /resources/architecture.
2. Personal data we collect
Account data
When you create a Privian account we collect your email address and authentication metadata (sign-in timestamps, provider identifiers for federated sign-in). We use this to operate your account, authenticate requests, and contact you about the service.
Billing data
Subscriptions and one-time payments are processed by Stripe. Stripe collects and stores payment instrument data on our behalf; Privian receives subscription status, plan, amount and last4 / brand of the card for receipts and entitlement enforcement. Privian does not store full card numbers.
Gateway usage metadata
For each gateway request we may store sanitized usage events: timestamp, route, model, status code, latency, token counts where reported by the provider, and counts of masked entities by class. These events are used for billing, quotas, abuse detection, observability and product analytics. They do not contain prompt or response bodies.
Gateway API key metadata
Privian API keys are stored as a SHA-256 hash. We retain the non-secret metadata required for identification and management: creation date, last-used timestamp, last four characters, and labels you assign.
Provider credentials metadata (BYOK)
Provider credentials (for example OpenAI, Anthropic, Google) that you bring to Privian are encrypted at rest with AES-256-GCM. The plaintext is discarded immediately after encryption and is decrypted only in memory, at the moment a request is forwarded to that provider. Client-visible metadata is limited to the last four characters and a non-reversible HMAC fingerprint used to identify which credential is in use.
Support and feedback data
If you contact us or submit feedback we receive the content of your message and any information you choose to include. We use this only to respond to you and improve the product.
Public marketing analytics
On public marketing pages we use Google Analytics 4, loaded only after you accept analytics in the consent banner. Analytics is not loaded on the authenticated dashboard, settings, admin pages or gateway endpoints. You can change your decision at any time.
3. How prompt data is handled
Privian is designed to prevent configured sensitive data from being sent to model providers. This requires Privian to transiently process the prompts and responses that pass through the gateway:
- Prompts are inspected in-memory so that supported sensitive values can be detected and replaced with deterministic placeholders (for example PERSON_1, EMAIL_1; within a request, the same value always receives the same placeholder) before the request leaves Privian.
- The masked prompt is then forwarded to the provider you selected, using your BYOK credentials.
- The provider's response is rehydrated in-memory before being returned to your application, according to your entity policy. Values classified as secrets are not rehydrated.
- The per-request placeholder → value map exists only in memory and is discarded once the response is returned. Raw prompts and raw responses are not persisted by Privian.
We do not claim that Privian never processes prompts — it must, in order to mask them. We do design the system so that prompt and response bodies are not retained after the request completes.
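The round trip described above, written out as an added example. This is illustrative code for this page, not Privian's gateway: the regex detectors (including the "sk-..." credential shape), the entity classes, the `SECRET_CLASSES` policy and the offline `fake_provider` stand-in are all assumptions made for the example, and named-entity classes such as PERSON are left out because they need more than a regex. It shows deterministic per-request placeholders, a provider that only ever sees the masked prompt, rehydration that skips the secret class, a usage event that carries only counts by class (the gateway usage metadata of section 2), and a placeholder map that is dropped when the request returns.

```python
import re
from dataclasses import dataclass, field

# Detector patterns, applied in this order. Illustrative assumptions for the
# example, not Privian's detectors. The credential shape is matched first so
# its digits are never mistaken for part of a phone number.
DETECTORS = {
    "API_KEY": re.compile(r"sk-[A-Za-z0-9]{20,}"),  # hypothetical key shape
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "PHONE": re.compile(r"\+?\d[\d\s().-]{7,}\d"),
}

# Entity policy: classes listed here are secrets and are never rehydrated.
SECRET_CLASSES = {"API_KEY"}


@dataclass
class RequestContext:
    """Per-request state; lives for one gateway call and is never persisted."""
    placeholder_to_value: dict = field(default_factory=dict)
    value_to_placeholder: dict = field(default_factory=dict)
    next_index: dict = field(default_factory=dict)     # class -> next number
    masked_counts: dict = field(default_factory=dict)  # class -> occurrences


@dataclass
class GatewayResult:
    masked_prompt: str  # what the provider actually received
    response: str       # rehydrated response returned to the application
    usage_event: dict   # sanitized metadata that may be stored: counts only


def mask(prompt: str, ctx: RequestContext) -> str:
    """Replace detected values with placeholders such as EMAIL_1. Within one
    request the same value always maps to the same placeholder."""
    def substitute(cls):
        def _sub(match):
            value = match.group(0)
            ctx.masked_counts[cls] = ctx.masked_counts.get(cls, 0) + 1
            placeholder = ctx.value_to_placeholder.get(value)
            if placeholder is None:
                ctx.next_index[cls] = ctx.next_index.get(cls, 0) + 1
                placeholder = f"{cls}_{ctx.next_index[cls]}"
                ctx.value_to_placeholder[value] = placeholder
                ctx.placeholder_to_value[placeholder] = value
            return placeholder
        return _sub

    masked = prompt
    for cls, pattern in DETECTORS.items():
        masked = pattern.sub(substitute(cls), masked)
    return masked


def rehydrate(response: str, ctx: RequestContext,
              secret_classes=SECRET_CLASSES) -> str:
    """Put original values back for every known placeholder, except those
    whose class the entity policy marks as secret; those stay masked."""
    if not ctx.placeholder_to_value:
        return response
    alternatives = "|".join(re.escape(p) for p in ctx.placeholder_to_value)
    pattern = re.compile(rf"\b(?:{alternatives})\b")

    def _sub(match):
        placeholder = match.group(0)
        cls = placeholder.rsplit("_", 1)[0]
        return placeholder if cls in secret_classes else ctx.placeholder_to_value[placeholder]

    return pattern.sub(_sub, response)


def fake_provider(masked_prompt: str) -> str:
    """Offline stand-in for the upstream LLM. Like a real provider it only ever
    sees placeholders; here it simply echoes the masked prompt back."""
    return "Summary of your request: " + masked_prompt


def handle_request(prompt: str, provider=fake_provider) -> GatewayResult:
    """One gateway round trip: mask, forward, rehydrate, keep counts only."""
    ctx = RequestContext()                # fresh placeholder map per request
    masked = mask(prompt, ctx)
    upstream = provider(masked)           # provider never sees raw values
    final = rehydrate(upstream, ctx)
    return GatewayResult(masked, final, dict(ctx.masked_counts))
    # ctx goes out of scope here: the placeholder -> value map is discarded.


# Constructed sample input; the addresses, number and key are made up.
SAMPLE_PROMPT = (
    "Please email alice@example.com and bob@example.org about the outage. "
    "The on-call number is +1 415 555 0100. Use key sk-ABCDEFGHIJKLMNOPQRSTUVWX12 "
    "to query the status API. Reply to alice@example.com first."
)

if __name__ == "__main__":
    result = handle_request(SAMPLE_PROMPT)
    print("provider saw:", result.masked_prompt)
    print("caller got  :", result.response)
    print("usage event :", result.usage_event)
```

In the output, both occurrences of alice@example.com come back as the same value because they shared EMAIL_1, the phone number is restored, and API_KEY_1 stays a placeholder in the caller's response because its class is in the secret set. The only thing that would be written to storage is the `usage_event` dictionary of counts, which contains no prompt or response text.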
4. Data we do not intentionally store
- Raw prompt or response bodies.
- Plaintext provider credentials or Privian API key plaintext.
- Full payment card numbers (handled by Stripe).
- Content of secret values detected during masking.
5. Retention
Account data is retained while your account is active and for a reasonable period afterwards as required for tax, accounting and anti-abuse purposes. Sanitized usage events and rollup metrics are retained for operational and billing purposes; the retention window may evolve as the product matures. Raw prompts and responses are not retained.
6. Sharing and subprocessors
We rely on a small number of vendors to operate the service. See the full list and purposes on our subprocessor page. When you configure a BYOK provider (for example OpenAI, Anthropic, Google), that provider is selected by you and acts under your relationship with them. Privian does not resell access to those providers.
7. Security
Provider credentials are encrypted with AES-256-GCM at rest. Privian API keys are stored as SHA-256 hashes. The gateway is designed to avoid retaining prompt or response content. See /security/data-handling for the detailed model.
8. International transfers and EU / EEA
Privian processes data using the subprocessors listed on our subprocessor page. Where data is transferred outside the EU / EEA (for example to providers operated from the United States), appropriate safeguards such as Standard Contractual Clauses are relied upon by those subprocessors. Business customers requiring a signed Data Processing Addendum should review our DPA overview.
9. Your choices
- You can update or delete account data by contacting us at support@privian.io.
- You can rotate or revoke API keys and provider credentials at any time from settings.
- You can change analytics consent on public pages at any time.
10. Children
Privian is intended for use by businesses and developers. We do not knowingly process personal data of children under 16.
11. Changes
We will update this policy as our practices evolve. The "Last updated" date above reflects the most recent change. Material changes will also be noted on /updates.
12. Contact
For privacy questions, data requests or DPA inquiries, contact support@privian.io.