Last updated: April 6, 2026

Privacy Policy

This Privacy Policy describes how Dumbell2 LLC (“Dumbell2,” “we,” “us,” or “our”) collects, uses, and discloses information in connection with the inference-relay library and related services (collectively, the “Service”).

1. Information We Collect

We organize information collection into three tiers. Understanding these tiers is central to understanding inference-relay’s privacy architecture.

Tier 1: Account Data

When you create an account, we collect identifying and billing information necessary to provide the Service:

Name and email address (via Clerk authentication)
Authentication tokens and session identifiers
Billing address and payment method details (processed by Stripe; we receive only last-four digits, expiration date, and card brand)
Subscription tier, license key, and activation count

Tier 2: Usage Metadata

The inference-relay library transmits metadata-only telemetry to power your dashboard and enforce license terms. This includes:

Token counts (input and output)
Cost calculations
Latency measurements
Provider and model identifiers
Request timestamps
Fallback chain events and error codes
Library version, Node.js version, and OS platform

Tier 3: Content Data

Content is NEVER collected.

inference-relay does not collect, transmit, store, inspect, log, cache, or process prompt content, completion content, system messages, function or tool definitions, function or tool responses, images, files, or attachments sent to AI providers. Your API keys are used locally within the library and are never transmitted to Dumbell2 servers. This is not a policy decision — it is an architectural guarantee. See Section 9 (“The Dumb Pipe Guarantee”) below.

2. How We Use Information

We use the information described above for the following purposes:

License validation and enforcement. Verifying your subscription status, tier limits, and activation count.
Billing and payment processing. Charging subscription fees, processing upgrades and cancellations, and maintaining billing records.
Usage analytics. Powering your dashboard with cost, latency, and usage data.
Service improvement. Analyzing aggregate, anonymized telemetry to improve reliability, performance, and routing efficiency.
Fraud prevention. Detecting unauthorized license use, key sharing, and circumvention attempts.
Customer support. Responding to your inquiries and resolving technical issues.
Legal compliance. Meeting our obligations under applicable law, including record-keeping requirements.

3. Sub-Processors

We use the following third-party service providers to operate the Service. Each sub-processor receives only the data necessary to perform its function.

Stripeprivacy policy →

Payment processing. Receives billing address, payment method details, and transaction amounts. Stripe is PCI DSS Level 1 certified.

Clerkprivacy policy →

Authentication and identity management. Receives name, email address, and authentication credentials. Manages session tokens and login state.

Convexprivacy policy →

License validation and usage metadata storage. Receives license keys, activation counts, subscription tier, and usage telemetry (token counts, cost, latency, provider, model, timestamps). Does not receive any prompt or completion content.

Upstashprivacy policy →

Rate limiting. Receives request identifiers and timestamps to enforce per-tier call limits. Does not receive any content or billing data.

AI providers (Anthropic, OpenAI, Google, and others) are your providers, not ours. inference-relay connects your code directly to your provider accounts using your own API keys or subscriptions. We do not have a data processing relationship with your AI providers on your behalf.

4. Data Retention

Data Type	Retention Period
Account data	Duration of account + 90 days
Usage metadata	12 months, then aggregated and anonymized
Billing records	As required by applicable law
Content data	N/A — never collected

Upon account deletion, we remove your account data within 90 days. Anonymized, aggregate telemetry that cannot be linked to your identity may be retained indefinitely for service improvement purposes.

5. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

Access. Request a copy of the personal data we hold about you.
Correction. Request correction of inaccurate or incomplete personal data.
Deletion. Request deletion of your personal data, subject to legal retention requirements.
Export. Request a portable copy of your data in a structured, machine-readable format.
Objection. Object to processing of your personal data based on legitimate interests.
Restriction. Request restriction of processing in certain circumstances.

To exercise any of these rights, contact us at privacy@inference-relay.com. We will respond within 30 days.

6. Children

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you are under 18, you may not use the Service. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that data promptly.

7. International Data Transfers

Dumbell2 LLC operates from the Dubai International Financial Centre (DIFC). Your personal data may be transferred to, stored, and processed in jurisdictions outside of your country of residence, including the United States (where our sub-processors may maintain infrastructure). By using the Service, you consent to such transfers. We ensure that any international transfers of personal data are subject to appropriate safeguards, including standard contractual clauses or equivalent mechanisms recognized under applicable data protection laws.

8. Cookies

We use minimal cookies. Clerk, our authentication provider, sets session cookies necessary to maintain your login state. These are strictly functional cookies required for the Service to operate. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. No consent banner is required because we do not use cookies for purposes beyond essential service functionality.

9. The Dumb Pipe Guarantee

Architectural guarantee: prompt and completion content is never transmitted to inference-relay servers.

This is not a policy commitment that could be changed. It is an architectural property of the software. The inference-relay library runs entirely within your local environment. Content flows directly from your code to your AI provider. Our servers never sit in the content path.

The telemetry system is enforced at the type system level. The AuditEvent interface types promptContent as literal false, not boolean. There is no code path that could transmit content even if a developer attempted to modify the library.

// TypeScript type definition
interface AuditEvent {
  promptContent: false;
  tokens: number;
  cost: number;
  latencyMs: number;
  provider: string;
  model: string;
  timestamp: number;
}

We maintain a public TELEMETRY_AUDIT.md file in the library repository and run a CI scan on every release to verify that no code path exists that could transmit prompt or completion content.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (to the address associated with your account) or by posting a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date of any updated Privacy Policy constitutes your acceptance of the changes.

11. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the Dubai International Financial Centre (DIFC), notwithstanding any conflict of law provisions. Any disputes arising from or relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the DIFC Courts.

12. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Dumbell2 LLC
privacy@inference-relay.com