CrossModel
CrossModel

Privacy Policy

We take privacy and data security seriously. This Policy explains how CrossModel handles information when providing a multi-model API gateway service.

Last updated: May 21, 2026

1. Scope

This Privacy Policy explains how CrossModel collects, uses, stores, shares, and protects your personal information and service data when you visit our website, create an account, use the console, add balance, create API keys, call model APIs, read documentation, or contact us.

Third-party model providers, payment processors, identity services, email services, analytics tools, and third-party websites you access through links may have their own privacy policies. You should review and comply with those policies as well.

2. Information We Collect

  • Account information: email address, username, password hash, login method, email verification status, account status, and creation and update timestamps.
  • Authentication and security information: login records, session identifiers, verification-code requests, failed-attempt counts, IP address, device and browser information, risk-control records, and audit logs.
  • Billing information: recharge orders, payment status, balance changes, usage records, model prices, token counts, refunds, and billing-handling records.
  • API and model-call information: API key identifiers, request timestamps, model IDs, routing results, status codes, latency, error messages, input and output token counts, cache-hit information, and troubleshooting metadata that is reasonably necessary to operate the service.
  • User Content: prompts, context, files, images, tool-call parameters, and model responses. We process User Content only as needed to provide the service, troubleshoot issues, calculate billing, protect security, comply with obligations, or support features you enable.
  • Communications: contact details, issue descriptions, attachments, and related information that you provide through email, forms, support channels, tickets, or other communications.
  • Automatically collected information: cookies, local storage, page visits, clicks, referrers, device type, operating system, browser type, language, time zone, and approximate network location.

3. How We Use Information

  • Create and maintain accounts; support login, registration, verification codes, password resets, session management, and account-security protection.
  • Provide model APIs, request routing, protocol conversion, the model catalog, console, billing, balance, usage analytics, and documentation.
  • Process balance top-ups, charges, temporary holds, settlement, refunds, reconciliation, invoices, and billing disputes.
  • Monitor service performance, troubleshoot errors, improve stability, optimize model routing, and improve the user experience.
  • Detect abnormal requests and help prevent fraud, abuse, attacks, spam, unauthorized access, and violations of the Terms of Service.
  • Send necessary notices, such as verification codes, billing status, security alerts, service changes, policy updates, and important operational messages.
  • Send product updates, promotions, or marketing messages where we have consent or another lawful basis. You may opt out using the method provided in those messages.
  • Comply with laws, regulations, regulatory requirements, court orders, and government requests, and protect the lawful rights and interests of CrossModel, users, partners, and the public.

4. User Content and Model Providers

We may need to forward your input, required metadata, and authentication details to the relevant third-party model provider in order to complete a model request. Different providers may follow different rules for data retention, training use, logging, content review, and regional transfer.

CrossModel seeks to apply reasonable data-minimization and security measures, but we cannot fully control how third-party model providers handle data after they receive it. You should not submit personal sensitive information, trade secrets, regulated data, or highly confidential information unless you have confirmed that the selected model and your intended use satisfy your compliance requirements.

5. Cookies and Analytics Technologies

We may use cookies, local storage, logs, pixels, SDKs, or similar technologies to keep you signed in, remember preferences, analyze usage trends, measure feature performance, troubleshoot problems, and protect account security.

You can restrict or delete cookies through your browser settings. Disabling necessary cookies may prevent login, console, or security features from working properly.

6. How We Share Information

  • Service providers: we share necessary information with providers of cloud infrastructure, databases, cache services, email, payments, risk control, analytics, monitoring, support, and security services.
  • Model providers: to complete model requests initiated by you, we transmit the necessary inputs, parameters, and metadata to the corresponding model or API provider.
  • Organization account members: if you belong to an organization account, organization administrators may be able to view members, API keys, usage, billing, permissions, and organization-related settings.
  • Business changes: in a merger, acquisition, financing, asset transfer, restructuring, or similar transaction, information may be transferred as a business asset, subject to appropriate protection requirements for the recipient.
  • Legal and safety reasons: we may disclose necessary information when required by law, regulatory request, or legal process, or to enforce agreements, investigate abuse, protect rights, or prevent harm.
  • With your consent: we may share information in other situations when you explicitly authorize us to do so.

7. Data Retention

We retain information for as long as needed to fulfill the purposes described in this Policy, including providing the service, maintaining accounts, reconciling billing, handling disputes, conducting security audits, meeting compliance requirements, and restoring backups. After that period, we delete, anonymize, or otherwise handle the information as permitted by law.

Retention periods for API request logs, usage records, and security audit logs may vary based on troubleshooting, billing, risk-control, and compliance needs. After account deletion, some information may still be retained for legal, financial, audit, or security purposes.

8. Data Security

We use reasonable technical and organizational measures to protect information, including access controls, encryption in transit, key protection, permission isolation, log auditing, backups, and security monitoring.

No internet transmission or electronic storage system can be guaranteed to be completely secure. You should also protect your password, API keys, devices, and network environment, and avoid exposing secrets in clients, repositories, logs, or frontend code.

9. Your Rights and Choices

  • You can sign in to view and update certain account information.
  • You may request access to, correction of, deletion of, copying of, or export of your personal information, subject to legal requirements, billing and audit obligations, security and risk-control needs, and technical limitations.
  • You can delete or rotate API keys, stop using particular models, or stop using CrossModel.
  • You can opt out of non-essential marketing messages using the unsubscribe method provided in those messages, although you may still receive account, security, billing, and service-related notices.
  • To exercise your rights, submit a request through the contact channels published by CrossModel. To protect account security, we may need to verify your identity before responding.

10. International Transfers

Because model providers, cloud infrastructure, payment channels, and analytics services may be located in different countries or regions, your information may be transferred to, stored in, or processed outside your location. We take reasonable contractual, technical, and organizational measures to protect that information.

11. Children's Privacy

CrossModel is intended for developers and organizations and is not directed to children. If you are a minor, you should use the service only with consent and guidance from a parent or legal guardian. If we learn that we collected a child's personal information without legally required consent, we will delete it or take other required measures.

12. Updates to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide notice through the website, console, email, or another reasonable channel. If you continue using the service after the update takes effect, you understand and accept the updated Policy.

13. Contact Us

If you have questions about privacy, data security, or personal-information rights, please contact us through the channels published on the CrossModel website or console.