Privacy Policy

Last updated: May 3, 2026

1. Information We Collect

We collect the following types of information:

  • Account information: email address, name, password (hashed)
  • Usage data: LLM provider usage statistics, costs, and metadata
  • API keys: encrypted with AES-256-GCM (zero-knowledge architecture)
  • Billing information: processed and stored by Stripe
  • Technical data: IP address, browser type, device information

2. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Process your payments and manage subscriptions
  • Send you service-related notifications and alerts
  • Improve and optimize the Service
  • Comply with legal obligations

3. Zero-Knowledge Encryption

Your LLM provider API keys are encrypted using AES-256-GCM with keys derived from your password using Argon2id. We cannot decrypt your API keys without your password. If you lose your password, you will lose access to your encrypted API keys.

4. Data Sharing

We do not sell your personal information. We share data with:

  • Stripe: for payment processing
  • Resend: for transactional emails
  • Service providers: under strict confidentiality agreements
  • Legal authorities: when required by law

5. Data Retention

We retain your data for as long as your account is active. After account deletion, we retain certain data for up to 30 days for backup purposes, then permanently delete it. Billing records are retained for 7 years for legal compliance.

6. Your Rights (GDPR)

If you are in the EU, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Object to processing
  • Request portability of your data
  • Withdraw consent

To exercise these rights, contact us at: privacy@costwave.app

7. Cookies

We use essential cookies for authentication and session management. See our Cookie Policy for details.

8. Security

We implement industry-standard security measures including encryption at rest and in transit, regular security audits, and access controls. However, no system is 100% secure.

9. International Transfers

Your data is stored in the EU (France). If you access the Service from outside the EU, your information may be transferred internationally. We ensure appropriate safeguards are in place.

10. Children's Privacy

The Service is not intended for users under 18 years old. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service.

12. Contact Us

For privacy questions or to exercise your rights, contact us at: privacy@costwave.app