Last updated: 4 February 2026
This Privacy Policy explains how LLM7.io (“we”, “us”, “our”) collects and processes your personal data when you use our website and API, including token.llm7.io. We operate from the United Kingdom and comply with the UK GDPR and, where applicable, the EU GDPR. Access to the API requires an API token issued via token.llm7.io.
Controller: LLM7.io (operated by an individual)
Email: support@llm7.io
Account & authentication
- Email address from Google OAuth at sign-in/registration.
- Minimal OAuth metadata required to verify your sign-in (e.g.,
email_verified).
Tokens, subscriptions & usage (service operation)
- Token issuance/revocation, expiry, status.
- Subscription plan selection/status (e.g., Free, Pro), renewal dates, and applied promotions (e.g., promo codes).
- Usage counters/quotas and timestamps for rate-limiting, abuse prevention, reliability, and troubleshooting.
- Basic performance/error metrics.
Network & security
- Our edge provider (Cloudflare) may process IP addresses, timestamps, and security/event logs to deliver and protect the service.
We do not intentionally collect special category data. We do not sell personal data.
-
Provide and operate the service (account, sign-in, token management, subscriptions, API access).
Legal basis: Contract (Art. 6(1)(b)). -
Secure, monitor, and improve the service (rate-limits, fraud/abuse prevention, reliability, debugging).
Legal basis: Legitimate interests (Art. 6(1)(f)). -
Legal compliance (e.g., responding to lawful requests).
Legal basis: Legal obligation (Art. 6(1)(c)). -
Billing/fulfilment (processing subscription status and promotions; payment is handled by our payment processor—card details are not stored on our servers).
Legal basis: Contract (Art. 6(1)(b)). -
Communications (see Section 6).
Legal basis: Contract (transactional/service emails) and Consent (optional updates), or Legitimate interests where permitted with a clear opt-out.
We use Cloudflare for hosting, storage, networking, and security and act as the data controller while Cloudflare acts as our processor under its DPA and GDPR programme:
- Cloudflare Customer DPA: https://www.cloudflare.com/en-gb/cloudflare-customer-dpa/
- Cloudflare GDPR Centre: https://www.cloudflare.com/en-gb/trust-hub/gdpr/
- Cloudflare Privacy Policy: https://www.cloudflare.com/en-gb/privacypolicy/
Data may be transferred internationally. We rely on appropriate safeguards (e.g., Standard Contractual Clauses and the UK Addendum) as implemented by Cloudflare.
We share personal data only with:
- Service providers/Processors (primarily Cloudflare) strictly to operate the service; and
- Public authorities if required by law.
We send:
- Transactional/service emails required to operate your account (e.g., authentication, security notices, incident updates, material changes to the service/terms). These are not marketing and generally cannot be opted out without closing your account.
- Optional updates and announcements (e.g., new models, features, or changes). You will receive these only with your consent or, where permitted by law, under legitimate interests with a clear opt-out. Every such email includes an unsubscribe link, and you can change preferences at any time.
We do not sell personal data.
- Email & account data: retained while your account exists.
- Token/usage logs: retained only as necessary to operate, secure, and account for the service.
- Deletion: upon verified request or account deletion, we aim to delete or anonymise personal data within 30 days; residual backups are purged within up to 90 days.
Depending on your location (UK/EEA), you may have rights to access, rectify, erase, restrict, portability, object (for legitimate interests), and to withdraw consent (for consent-based processing).
To exercise your rights, contact support@llm7.io.
You may lodge a complaint with your local authority. In the UK: ICO — https://ico.org.uk/.
We use only strictly necessary cookies/edge storage for authentication, security, and core operation. Google OAuth and Cloudflare may set cookies required for sign-in and security. We do not use third-party advertising cookies.
We use automated rate-limiting and abuse-prevention that may temporarily restrict requests or tokens. These controls do not produce legal or similarly significant effects.
The service is not directed to children. If you are under 13 (or the minimum age in your country), please do not use the service. If we learn we have collected data from a child, we will delete it.
We may update this Policy. The latest version will be posted here with a new “Last updated” date. Material changes will be communicated reasonably (e.g., site notice). Continued use after updates means you accept the revised Policy.
- Terms of Service: https://github.com/chigwell/llm7.io/blob/main/TERMS.md
- Cloudflare Customer DPA: https://www.cloudflare.com/en-gb/cloudflare-customer-dpa/
- Cloudflare GDPR: https://www.cloudflare.com/en-gb/trust-hub/gdpr/
- Cloudflare Privacy Policy: https://www.cloudflare.com/en-gb/privacypolicy/
Questions or requests: support@llm7.io