Privacy Policy
Last updated: April 3, 2026
1. Introduction
Ingate ("we", "our", "us") operates the ingateai.com website and the Ingate AI gateway service. This policy describes how we collect, use, and protect your personal information when you use our services.
2. Information We Collect
Account Information
When you create an account, we collect your name, email address, and organization name. This information is used to provision your account and communicate with you about the service.
Usage Data
We collect metadata about API requests routed through the gateway, including provider name, model name, token counts, latency, and HTTP status codes. Request and response bodies are logged only for your organization and are never shared with other customers or third parties.
Website Analytics
We collect standard web analytics data (page views, referrer, device type) to improve our website. We do not use third-party tracking pixels or sell analytics data.
3. How We Use Your Information
- To provide and maintain the Ingate service
- To authenticate API requests and enforce rate limits
- To display logs, metrics, and evaluation results in your dashboard
- To communicate service updates, security notices, and billing information
- To improve the reliability and performance of the platform
4. Data Storage and Security
All data is stored in encrypted PostgreSQL databases with encryption at rest (AES-256) and in transit (TLS 1.3). Provider API keys are stored encrypted and never exposed to clients. API keys are hashed with SHA-256 before storage.
We maintain isolated database instances per organization on Enterprise plans. Data residency requirements can be configured on request.
5. Data Retention
Free plan: gateway logs are retained for 7 days. Enterprise plan: retention is configurable (30, 60, 90 days, or unlimited). All data can be exported via the API before the retention period expires. Account data is retained for the duration of your account and deleted within 30 days of account closure.
6. Data Sharing
We do not sell, rent, or share your personal information or API traffic data with third parties. We may share data only in the following circumstances:
- With your explicit consent
- To comply with legal obligations, court orders, or law enforcement requests
- To protect the rights, property, or safety of Ingate, our users, or others
- With service providers who assist in operating our infrastructure, subject to confidentiality agreements
7. PII Redaction
Enterprise customers can enable automatic PII redaction to remove sensitive data (email addresses, SSNs, credit card numbers, phone numbers) from logs before persistence. Custom redaction patterns can be configured.
8. Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data
- Export your data in a machine-readable format
- Withdraw consent for optional data processing
To exercise these rights, contact privacy@ingateai.com.
9. Cookies
We use essential cookies for authentication and session management. We do not use advertising or cross-site tracking cookies.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes by email or by posting a notice on our website. Continued use of the service after changes constitutes acceptance of the updated policy.
11. Contact
For questions about this privacy policy, contact us at privacy@ingateai.com.