Legal
Privacy Policy
How we collect, use, share, retain, and protect personal data.
Last updated: June 6, 2026
This Privacy Policy explains how Uouo Duo LLC (“Uouo Duo LLC”, “uouo cloud”, “we”, “us”) processes personal data when you use the uouo cloud websites, APIs, AI API relay, routing, billing, support, and related services (the “Service”).
1. Controller and privacy contacts
Uouo Duo LLC is the data controller for account and site data. Uouo Duo LLC has not appointed a Data Protection Officer. Privacy-related questions should be sent to privacy@uouo.cloud.
Uouo Duo LLC has not appointed an EU or UK representative at this time. Users located in the European Economic Area, the United Kingdom, or Switzerland may contact privacy@uouo.cloud regarding privacy-related requests.
2. Data we collect
| Data category | Examples |
|---|---|
| Account data | Email address, username, password hash, account ID, account settings, authentication data |
| Usage data | API usage, model selected, token usage, request count, timestamps, usage balance |
| API request metadata | IP address, request time, endpoint, status code, latency, model routing metadata, error information |
| Prompt and output data | Processed transiently to provide the Service; not saved by default |
| Billing data | Subscription status, payment method metadata, invoices, tax records, billing address where applicable |
| Crypto payment data | Wallet address, transaction hash, chain/network, amount, confirmation status |
| Security data | Login logs, anti-abuse signals, suspicious activity indicators, rate-limit events |
| Support data | Support messages, live chat content, tickets, support history |
| Analytics data | Google Analytics events, page views, device/browser data, approximate location, referral source |
| Bot protection data | Cloudflare Turnstile, WAF, CDN, request metadata, IP address, challenge results, security signals |
| Email data | Email address, email content, delivery status, bounce logs, transactional email metadata |
3. How we use data
We use personal data to:
- provide, operate, secure, and improve the Service;
- route AI requests to enabled third-party model providers;
- calculate usage, balances, credits, invoices, subscriptions, and payments;
- authenticate users and protect accounts, API keys, and workspaces;
- detect, prevent, and investigate abuse, fraud, security incidents, and policy violations;
- provide customer support and send transactional service emails;
- comply with legal, tax, accounting, sanctions, export control, and regulatory obligations;
- measure aggregate site and product usage through analytics where consent is required and obtained.
4. Legal bases for EEA and UK users
Where GDPR or UK GDPR applies, we rely on: performance of a contract to provide the Service; legitimate interests in security, abuse prevention, support, analytics of product performance, and improving the Service; consent for optional analytics cookies and optional communications; and compliance with legal obligations such as tax, accounting, sanctions, export control, and lawful requests.
5. Prompt and output handling
Uouo Duo LLC does not save customer prompts or model outputs by default. Prompts, outputs, and related request data are processed transiently as necessary to provide AI model routing, inference, usage calculation, debugging, security, and abuse prevention. Uouo Duo LLC does not use customer prompts or outputs to train its own AI models.
Prompts, outputs, and request metadata may be sent to enabled third-party AI model providers. Content is retained only if you explicitly save it, if a product feature requires saved history, or where longer retention is necessary for abuse investigation, fraud prevention, security, legal obligations, payment disputes, sanctions compliance, or similar reasons.
6. Sharing and service providers
We may share data with AI model providers that fulfil requests; infrastructure, hosting, analytics, payment, email, support, DNS, CDN, WAF, and bot-protection providers; professional advisors; and authorities where required by law. We do not sell personal data. Our current service provider list is available on the Subprocessors page.
7. International transfers
We operate globally and may process or transfer data in the United States and other countries where we or our service providers operate. Where required, we rely on appropriate safeguards such as contractual commitments, Standard Contractual Clauses, or other lawful transfer mechanisms.
8. Data retention
| Data type | Retention period |
|---|---|
| Account data | Retained while the account is active. |
| Deleted account data | Deleted or anonymized within 30 days after account deletion unless retention is required for legal, tax, accounting, security, fraud-prevention, sanctions, abuse-prevention, or dispute-resolution purposes. |
| Backups | Up to 90 days. |
| API request metadata | Up to 30 days. |
| Security, abuse, and error logs | Up to 90 days, unless longer retention is required for investigation or compliance. |
| Prompts and outputs | Not saved by default; processed transiently to provide the Service. |
| User-saved content | Retained until deleted by the user or until account deletion. |
| Billing, invoice, payment, and tax records | Up to 7 years or longer if required by applicable law. |
| Audit logs | Up to 12 months. |
| Google Analytics data | Intended configuration: 14 months. |
| Email delivery logs | Retained as necessary for account security, password reset, verification, notification, support, and compliance. |
| Legal hold data | Retained as long as necessary to comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, investigate abuse, comply with sanctions/export control duties, or protect service security. |
9. Your privacy rights
Subject to applicable law, you may request access, correction, deletion, restriction, portability, or object to certain processing. You may also withdraw consent where processing is based on consent. To exercise rights, contact privacy@uouo.cloud.
10. California privacy rights
Uouo Duo LLC does not sell personal information for monetary consideration. We use analytics providers such as Google Analytics; to the extent this is considered a “sale” or “sharing” under the CCPA/CPRA, analytics cookies are off by default and are loaded only if you opt in through our cookie banner. You can withdraw consent at any time using the cookie settings link in our footer, which stops any such sharing.
California residents may request to know, access, delete, or correct personal information, and may exercise opt-out rights, by contacting privacy@uouo.cloud. We will not discriminate against you for exercising applicable privacy rights.
11. Cookies, analytics, and security signals
We use strictly necessary cookies and local storage for authentication, session management, security, fraud prevention, and service functionality. We use Google Analytics for analytics where enabled and permitted by your consent settings. We use Cloudflare for DNS, CDN, WAF, Turnstile, traffic protection, bot detection, and abuse prevention. See our Cookie Policy for details.
12. Security
We use HTTPS, access control, API key protection, password hashing, Cloudflare WAF and Turnstile, rate limiting, abuse monitoring, login and security logs, and administrative access controls. No method of transmission or storage is completely secure. Abuse or security reports should be sent to abuse@uouo.cloud.
13. Children
The Service is not intended for minors. Users must be at least 18 years old, or the age of legal majority in their jurisdiction, whichever is higher. We do not knowingly collect personal data from minors.
14. Changes and contact
We may update this Privacy Policy from time to time. Material changes may be notified through the Service or by email. Privacy questions or requests can be sent to privacy@uouo.cloud. Legal notices may be sent to legal@uouo.cloud.